Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Device or hook trying to install

Post by fasoldr » December 27th, 2008, 5:14 pm

My son's computer was infested with a considerable number of malware programs. I used Spyware Doctor and Anti-Malware, which removed most of it. Spycatcher is still reporting a "device or hook is trying to install". The computer (Windows XP) boots up and shuts down very slowly. I know the slow performance may not be caused by malware.

I posted this before under a different topic name, but was not able to follow up soon enough to prevent the topic from being closed. I received advice from Shaba. I posted one HijackThis log and Shaba asked me to rename Hijackthis.exe, rerun it, and post the new log. I did that. Shaba then instructed me to download and run Rsit.exe, which I did. Rsit.exe aborted with the following AutoIt error message:

Line -1:Error: Error parsing function call

I ran the same RSIT.exe download on my own computer and it performed as expected.

I am posting the second, fasoldr.exe, run of HijackThis below.

I would appreciate any help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:23 AM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~3\MMDiag.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Trend Micro\HijackThis\fasoldr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~3\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] C:\Program Files\SpyCatcher\SpyCatcher.exe reminder
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher\Protector.exe
O4 - Global Startup: Wireless Network Monitor.lnk = C:\Program Files\Linksys\WUSB600N\WUSB600N.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud7.sports.sc5.yahoo.com/java/y ... 1010_x.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/tes ... eGames.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://zone.msn.com/binFramework/v10/ZI ... b32846.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/ ... taller.exe
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bw+0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: secuload.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 24207 bytes
fasoldr
Regular Member
 
Posts: 17
Joined: November 23rd, 2008, 7:25 pm

Re: Device or hook trying to install

Post by Carolyn » January 6th, 2009, 8:59 am

Hello and Welcome to the forums!

My name is Carolyn and I'll be glad to help you with your computer problems. HijackThis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

Please do not run any other tool until instructed to do so!
Please reply to this thread, do not start another!
Please tell me about any problems that have occurred during the fix.
Please tell me of any other symptoms you may be having as these can help also.
Please try as much as possible not to run anything while executing a fix.


If you follow these instructions, everything should go smoothly.


Remove bad HijackThis entries
  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    O18 - Protocol: bw+0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {E7699644-FC81-403B-A926-5CADFDC71696} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

-------------------------------------------------------------------------------------------------


Step 1

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.

Step 2

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.

Double click on gmer.exe to run it. It will start running a scan. If it detects rootkit activity, you will receive a prompt to run a full scan. Click Yes.

  • When done, you may receive another notice. Click OK.
  • Click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

If you receive no notice, click on the Scan button.

  • It will start scanning again.
  • When done, click on Save ... to save a log.
  • Copy and paste in Gmer.txt and click Save.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.

In your next reply, please post:

  1. DDS.txt
  2. Attach.txt
  3. Gmer.txt
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Device or hook trying to install

Unread postby fasoldr » January 10th, 2009, 9:00 pm

Thank you very much Carolyn. I am attaching .zip files for the DDS, Attach and Gmer logs. If this is wrong, I would be happy to paste the content of the files in a post.

-Ralph
fasoldr
Regular Member
 
Posts: 17
Joined: November 23rd, 2008, 7:25 pm

Re: Device or hook trying to install

Unread postby fasoldr » January 10th, 2009, 9:13 pm

Sorry, Carolyn. I reread your post and see you would like to have the .txt files posted. I take that to mean pasting their content here. If this is wrong, I would be happy to attach the .txt files in another posting.

-Ralph

DDS.txt

DDS (Ver_09-01-07.01) - NTFSx86
Run by Judd Fasold at 10:18:36.28 on Sat 01/10/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.340 [GMT -5:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated)
AV: Trend Micro PC-cillin Internet Security *On-access scanning enabled* (Outdated)
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpyCatcher\Protector.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\New Tier\Communicator\tray_stub.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe
C:\Documents and Settings\Judd Fasold\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [OE_OEM] "c:\program files\trend micro\internet security 12\tmas_oe\TMAS_OEMon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Communicator] c:\program files\new tier\communicator\communicator.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 12\pccguide.exe"
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [SpyCatcher Reminder] c:\program files\spycatcher\SpyCatcher.exe reminder
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [PPMemCheck] c:\progra~1\pestpa~1\PPMemCheck.exe
mRun: [PestPatrol Control Center] c:\progra~1\pestpa~1\PPControl.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [CookiePatrol] c:\progra~1\pestpa~1\CookiePatrol.exe
StartupFolder: c:\docume~1\juddfa~1\startm~1\programs\startup\schedu~1.lnk - c:\program files\spycatcher\Scheduler daemon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\spycat~1.lnk - c:\program files\spycatcher\Protector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb600n\WUSB600N.exe
uPolicies-explorer: NoThemesTab = 0 (0x0)
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoColorChoice = 0 (0x0)
uPolicies-system: NoSizeChoice = 0 (0x0)
uPolicies-system: NoVisualStyleChoice = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: secuload.dll
SEH: {DB73F90F-13D2-4434-97BB-3EB2CDC80A1E} - No File

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-2 40840]
R1 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-2 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-2 81288]
R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [2008-12-2 160792]
R3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2007-12-14 551680]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-2 356920]
R4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-2 1079176]
R4 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [2005-8-30 205328]
R4 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\trendm~1\intern~1\Tmntsrv.exe [2005-8-30 290889]
R4 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2005-8-30 585792]
R4 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2005-8-30 36368]
R4 tmproxy;Trend Micro Proxy Service;c:\progra~1\trendm~1\intern~1\tmproxy.exe [2005-8-30 262215]

=============== Created Last 30 ================

2009-01-07 15:10 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-06 20:19 <DIR> --d----- c:\program files\New Tier
2009-01-06 20:19 <DIR> --d----- c:\docume~1\juddfa~1\applic~1\New Tier
2008-12-17 15:26 <DIR> --d----- c:\docume~1\juddfa~1\applic~1\GlarySoft
2008-12-17 15:18 <DIR> --d----- c:\program files\AskBarDis

==================== Find3M ====================

2008-12-26 21:52 4,184 a--sh--- c:\windows\system32\KGyGaAvL.sys
2008-11-20 23:20 129,024 a------- c:\windows\system32\peujivtc.dll
2008-11-20 23:20 129,024 a------- c:\windows\system32\ocppkh.dll
2008-11-20 12:34 14,006 a------- c:\windows\system32\posybo.bat
2008-11-20 00:29 12,294 a------- c:\windows\system32\tinyrekici.reg
2008-11-19 23:02 129,024 a------- c:\windows\system32\xmggwk.dll
2008-11-19 23:02 129,024 a------- c:\windows\system32\miblysgw.dll
2008-11-12 00:56 19,104 a------- c:\windows\axisykok.reg
2008-11-12 00:56 15,500 a------- c:\windows\ruriricim.bat
2008-11-12 00:56 10,086 a------- c:\windows\uvevubat.dll
2008-11-12 00:56 17,362 a------- c:\windows\ajejihesid.bat
2008-11-12 00:56 16,269 a------- c:\program files\common files\ilizeniti.com
2008-11-12 00:56 15,893 a------- c:\windows\system32\cupil.sys
2008-11-12 00:56 15,037 a------- c:\windows\ujalozyhad.exe
2008-11-12 00:56 14,853 a------- c:\windows\opuqykuxex.pif
2008-11-12 00:56 14,425 a------- c:\windows\system32\ybagogez.dat
2008-11-12 00:56 13,581 a------- c:\windows\ibakybev.pif
2008-11-12 00:56 10,663 a------- c:\windows\system32\yhiximy.bin
2008-10-15 11:57 332,800 a------- c:\windows\system32\dllcache\netapi32.dll
2008-04-02 10:13 88,488 a------- c:\docume~1\juddfa~1\applic~1\GDIPFONTCACHEV1.DAT
2007-07-14 22:10 60,968 a------- c:\documents and settings\judd fasold\GoToAssistDownloadHelper.exe
2001-09-25 11:52 21,952 a---h--- c:\program files\folder.htt
2001-09-25 11:52 271 a---h--- c:\program files\desktop.ini
1999-12-07 07:00 32,528 a------- c:\windows\inf\wbfirdma.sys
2007-10-19 17:56 104 ---shr-- c:\windows\system32\3AED7B191F.sys
2007-06-14 21:41 1,808,203 ---sh--- c:\windows\system32\ybeeg.bak1
2007-07-14 08:36 1,946,433 ---sh--- c:\windows\system32\ybeeg.bak2

============= FINISH: 10:20:17.38 ===============

Attach.txt

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-07.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/16/2006 12:42:30 PM
System Uptime: 1/8/2009 10:22:33 PM (36 hours ago)

Motherboard: Dell Inc. | | 0JC474
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2793/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 70 GiB total, 30.92 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)
H: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1064&SUBSYS_01C41028&REV_04\4&10BD256C&0&40F0
Service: E100B

==== System Restore Points ===================

RP859: 11/11/2008 10:53:31 PM - Software Distribution Service 3.0
RP860: 11/11/2008 10:53:31 PM - System Checkpoint
RP861: 11/11/2008 10:53:31 PM - System Checkpoint
RP862: 11/11/2008 10:53:32 PM - System Checkpoint
RP863: 11/11/2008 10:53:32 PM - System Checkpoint
RP864: 11/11/2008 10:53:33 PM - System Checkpoint
RP865: 11/11/2008 10:53:33 PM - System Checkpoint
RP866: 11/11/2008 10:53:33 PM - System Checkpoint
RP867: 11/11/2008 10:53:33 PM - System Checkpoint
RP868: 11/11/2008 10:53:33 PM - System Checkpoint
RP869: 11/11/2008 10:53:34 PM - System Checkpoint
RP870: 11/11/2008 10:53:34 PM - System Checkpoint
RP871: 11/11/2008 10:53:35 PM - System Checkpoint
RP872: 11/11/2008 10:53:35 PM - System Checkpoint
RP873: 11/11/2008 10:53:35 PM - System Checkpoint
RP874: 11/11/2008 10:53:36 PM - System Checkpoint
RP875: 11/11/2008 10:53:36 PM - System Checkpoint
RP876: 11/11/2008 10:53:37 PM - System Checkpoint
RP877: 11/11/2008 10:53:37 PM - System Checkpoint
RP878: 11/11/2008 10:53:38 PM - Software Distribution Service 3.0
RP879: 11/11/2008 10:53:38 PM - System Checkpoint
RP880: 11/11/2008 10:53:39 PM - System Checkpoint
RP881: 11/11/2008 10:53:39 PM - System Checkpoint
RP882: 11/11/2008 10:53:39 PM - System Checkpoint
RP883: 11/11/2008 10:53:40 PM - System Checkpoint
RP884: 11/11/2008 10:53:40 PM - System Checkpoint
RP885: 11/11/2008 10:53:40 PM - System Checkpoint
RP886: 11/11/2008 10:53:41 PM - Configured Linksys Dual-Band Wireless-N USB Network Adapter
RP887: 11/11/2008 10:53:41 PM - System Checkpoint
RP888: 11/11/2008 10:53:42 PM - System Checkpoint
RP889: 11/11/2008 10:53:42 PM - System Checkpoint
RP890: 11/11/2008 10:53:42 PM - System Checkpoint
RP891: 11/11/2008 10:53:42 PM - System Checkpoint
RP892: 11/11/2008 10:53:43 PM - System Checkpoint
RP893: 11/11/2008 10:53:43 PM - System Checkpoint
RP894: 11/11/2008 10:53:43 PM - System Checkpoint
RP895: 11/11/2008 10:53:44 PM - System Checkpoint
RP896: 11/11/2008 10:53:44 PM - System Checkpoint
RP897: 11/11/2008 10:53:44 PM - System Checkpoint
RP898: 11/11/2008 10:53:45 PM - System Checkpoint
RP899: 11/11/2008 10:53:45 PM - System Checkpoint
RP900: 11/11/2008 10:53:45 PM - System Checkpoint
RP901: 11/11/2008 10:53:46 PM - System Checkpoint
RP902: 11/11/2008 10:53:46 PM - System Checkpoint
RP903: 11/11/2008 10:53:47 PM - System Checkpoint
RP904: 11/11/2008 10:53:47 PM - System Checkpoint
RP905: 11/11/2008 10:53:47 PM - System Checkpoint
RP906: 11/11/2008 10:53:48 PM - Installed Java(TM) 6 Update 7
RP907: 11/11/2008 10:53:48 PM - System Checkpoint
RP908: 11/11/2008 10:53:48 PM - Software Distribution Service 3.0
RP909: 11/11/2008 10:53:49 PM - System Checkpoint
RP910: 11/11/2008 10:53:49 PM - System Checkpoint
RP911: 11/11/2008 10:53:49 PM - System Checkpoint
RP912: 11/11/2008 10:53:50 PM - System Checkpoint
RP913: 11/11/2008 10:53:50 PM - System Checkpoint
RP914: 11/11/2008 10:53:50 PM - Software Distribution Service 3.0
RP915: 11/11/2008 10:53:51 PM - System Checkpoint
RP916: 11/11/2008 10:53:52 PM - System Checkpoint
RP917: 11/11/2008 10:53:52 PM - System Checkpoint
RP918: 11/11/2008 10:53:53 PM - System Checkpoint
RP919: 11/11/2008 10:53:53 PM - System Checkpoint
RP920: 11/11/2008 10:53:53 PM - System Checkpoint
RP921: 11/11/2008 10:53:54 PM - System Checkpoint
RP922: 11/11/2008 10:53:55 PM - System Checkpoint
RP923: 11/11/2008 10:53:55 PM - System Checkpoint
RP924: 11/11/2008 10:53:56 PM - System Checkpoint
RP925: 11/11/2008 10:53:56 PM - System Checkpoint
RP926: 11/11/2008 10:53:56 PM - System Checkpoint
RP927: 11/11/2008 10:53:57 PM - System Checkpoint
RP928: 11/11/2008 10:53:57 PM - System Checkpoint
RP929: 11/11/2008 10:54:04 PM - Last known good configuration
RP930: 11/15/2008 7:06:12 AM - System Checkpoint
RP931: 11/16/2008 1:17:51 PM - System Checkpoint
RP932: 11/18/2008 11:00:25 PM - System Checkpoint
RP933: 12/3/2008 11:41:38 AM - Spyware Doctor: Cleaning Threats
RP934: 12/3/2008 11:42:39 AM - Spyware Doctor: Cleaning Threats
RP935: 12/3/2008 11:43:27 AM - Spyware Doctor: Cleaning Threats
RP936: 12/8/2008 2:26:47 PM - Registry Examination
RP937: 12/9/2008 2:53:47 PM - System Checkpoint
RP938: 12/12/2008 1:57:33 PM - System Checkpoint
RP939: 12/13/2008 2:55:57 PM - System Checkpoint
RP940: 12/14/2008 3:20:33 PM - System Checkpoint
RP941: 12/15/2008 3:56:28 PM - System Checkpoint
RP942: 12/17/2008 2:24:15 PM - HIjack This
RP943: 12/17/2008 2:24:45 PM - Removed HP Update
RP944: 12/17/2008 2:24:53 PM - Installed HP Update
RP945: 12/17/2008 2:42:51 PM - 14_42_20081217
RP946: 12/17/2008 3:02:36 PM - usdhmosA
RP947: 12/17/2008 3:17:08 PM - Glary Utilities
RP948: 12/17/2008 3:29:53 PM - Revo Uninstaller's restore point - DriveImage XML (Private Edition)
RP949: 12/17/2008 3:33:47 PM - Revo Uninstaller's restore point - Glary Utilities 2.6.1
RP950: 12/17/2008 3:36:06 PM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP951: 12/17/2008 3:41:12 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP952: 12/17/2008 3:50:17 PM - Restore Operation
RP953: 12/17/2008 3:54:45 PM - Restore Operation
RP954: 12/17/2008 3:59:19 PM - Restore Operation
RP955: 12/21/2008 8:40:25 AM - Revo Uninstaller's restore point - HijackThis 2.0.2
RP956: 12/22/2008 7:52:25 PM - System Checkpoint
RP957: 12/23/2008 8:49:19 PM - System Checkpoint
RP958: 12/25/2008 12:57:04 AM - System Checkpoint
RP959: 12/26/2008 1:23:14 AM - System Checkpoint
RP960: 12/27/2008 11:23:36 AM - System Checkpoint
RP961: 12/28/2008 12:15:45 PM - System Checkpoint
RP962: 12/29/2008 4:51:34 PM - System Checkpoint
RP963: 12/30/2008 6:40:41 PM - System Checkpoint
RP964: 12/31/2008 7:16:25 PM - System Checkpoint
RP965: 1/1/2009 7:33:07 PM - System Checkpoint
RP966: 1/2/2009 9:55:16 PM - System Checkpoint
RP967: 1/3/2009 10:07:08 PM - System Checkpoint
RP968: 1/5/2009 3:27:43 PM - System Checkpoint
RP969: 1/6/2009 9:12:37 PM - System Checkpoint
RP970: 1/7/2009 3:09:18 PM - Installed Java(TM) 6 Update 11
RP971: 1/9/2009 12:35:36 AM - System Checkpoint
RP972: 1/10/2009 1:38:42 AM - System Checkpoint
RP973: 1/10/2009 9:52:07 AM - hijack this

==== Installed Programs ======================


32 Bit HP CIO Components Installer
3DVIA Player 4.1
Acrobat.com
Adobe AIR
Adobe Flash Player ActiveX
Adobe Reader 7.0.7
Adobe Shockwave Player
AnswerWorks 4.0 Runtime - English
AOLIcon
Apple Mobile Device Support
Apple Software Update
Arthur's Kindergarten
Ask Toolbar
BufferChm
C4400
C4400_Help
Caillou Ready To Read
Cards_Calendar_OrderGift_DoMorePlugout
Citrix ICA Client
Citrix Presentation Server Client
Copy
Corel Photo Album 6
CustomerResearchQFolder
Dell Digital Jukebox Driver
Dell Driver Reset Tool
DellSupport
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Disney Pirates of the Caribbean Online
DocProc
DocProcQFolder
EducateU
eSupportQFolder
Fisher-Price® - Toddler
Georgetown University Desktop Communicator
Google Toolbar for Internet Explorer
GPBaseService
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB906569)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
hp instant support
hp officejet 6100 series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp officejet 6100 series
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet for Wired Connections
iPod for Windows 2005-03-23
iPod for Windows 2005-09-23
iPod for Windows 2005-10-12
iTunes
Java 2 Runtime Environment, SE v1.4.2
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 11
Java(TM) 6 Update 7
Kid Pix Deluxe 3
Learn2 Player (Uninstall Only)
Lernout & Hauspie TruVoice American English TTS Engine
Linksys Dual-Band Wireless-N USB Network Adapter
Linksys WUSB600N Dual-Band Wireless-N USB Network Adapter
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Disc 2
Microsoft Office XP Professional
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft VGX Q833989
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Musicmatch for Windows Media Player
Musicmatch® Jukebox
Napster Burn Engine
netMarket
Norton Security Scan
OCR Software by I.R.I.S. 10.0
PanoStandAlone
PowerDVD 5.5
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
Quicken 2005
QuickTime
Reader Rabbit 1st Grade
RealPlayer Basic
Scan
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923810)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Shockwave
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
SpyCatcher 2007
Spyware Doctor 6.0
Status
Toolbox
TrayApp
Trend Micro PC-cillin Internet Security 12
TurboTax Deluxe 2007
UnloadSupport
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
VeohTV BETA
VideoToolkit01
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
Windows XP Media Center Edition 2005 KB908250
WinZip
WordPerfect Office 12

==== Event Viewer Messages From Past Week ========

1/5/2009 2:58:50 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
1/5/2009 2:56:03 PM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
1/5/2009 2:53:51 PM, error: Service Control Manager [7023] - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error: The handle is invalid.
1/5/2009 2:53:51 PM, error: Service Control Manager [7000] - The AEGIS Protocol (IEEE 802.1x) v3.5.3.0 service failed to start due to the following error: The system cannot find the file specified.
1/5/2009 2:53:47 PM, error: Print [23] - Printer HP DeskJet 672C failed to initialize because a suitable HP DeskJet 672C driver could not be found.
1/6/2009 8:04:07 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
1/6/2009 8:04:12 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
1/6/2009 8:04:12 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/7/2009 3:01:13 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

==== End Of File ===========================

Gmer.log

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-10 11:18:29
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateKey [0xAA6767A6]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcess [0xAA673794]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwCreateProcessEx [0xAA673F1E]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteKey [0xAA6771F0]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwDeleteValueKey [0xAA67742A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwRenameKey [0xAA67812A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwSetValueKey [0xAA67783C]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwTerminateProcess [0xAA672D0A]
SSDT \SystemRoot\system32\drivers\iksysflt.sys (System Filter Device Driver/PCTools Research Pty Ltd.) ZwWriteVirtualMemory [0xAA672384]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[128] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[128] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\PPControl.exe[208] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 01A759A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 01A78370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 01A78480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01A72E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 01A775D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 01A78400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01A77390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01A709A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01A70A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 01A6D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 01A75F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 01A76010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 01A715B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ B3, A1, C3, 83 ]
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 01A75A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 01A75AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01A70B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01A70AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 01A70C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 01A72480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 01A72530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 01A79FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 01A76880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 01A79F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 01A799F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01A79970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 01A79CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] WS2_32.dll!send 71AB428A 5 Bytes JMP 01A79020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[388] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01A78FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BD, 83 ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01932E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 019375D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01937390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 10, 85 ]
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 019309A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01930A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 0192D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 01935F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 01936010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 019315B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 01935A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 01935AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 01939FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 01936880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 01939F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 019399F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01939970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01930B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01930AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 01930C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 01932480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 01932530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\LogiTray.exe[480] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 01939CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[556] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[556] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\csrss.exe[640] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\csrss.exe[640] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, AA, 84 ]
.text C:\WINDOWS\system32\csrss.exe[640] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[640] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[664] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\winlogon.exe[664] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[712] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\services.exe[712] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[724] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\lsass.exe[724] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 52, 84 ]
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iTunes\iTunesHelper.exe[824] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[916] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[968] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1008] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1100] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1132] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1132] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1172] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe[1204] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe[1236] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\spoolsv.exe[1320] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1420] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehRecvr.exe[1444] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehSched.exe[1464] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\svchost.exe[1504] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1840] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\System32\svchost.exe[1840] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\mcrdsvc.exe[1896] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3E, 84 ]
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BD, 83 ]
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\eHome\ehmsas.exe[1956] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\eHome\ehmsas.exe[1956] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 36, 84 ]
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 31, 84 ]
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 15, 84 ]
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 37, 84 ]
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 33, 84 ]
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 31, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 00D659A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 00D68370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 28, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0D, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 00D68480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 18, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 25, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 00D68400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2B, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1F, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 22, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 2E, 5F ]
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 33, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 1E, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 2A, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 12, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 18, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 1B, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 27, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 15, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 2D, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 21, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 24, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 30, 5F ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, B9, 83 ]
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Logitech\Video\FxSvr2.exe[2352] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 0A, 84 ]
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\iPod\bin\iPodService.exe[2440] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2440] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2440] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 30, 84 ]
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\ctfmon.exe[2448] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 44, 84 ]
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Messenger\msmsgs.exe[2696] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01352E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 013575D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01357390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, B2, 84 ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 013509A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01350A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 0134D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 01355F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 01356010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 013515B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 01355A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes [ 33, C0, C2, 04, 00 ]
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 01355AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] WS2_32.dll!send 71AB428A 5 Bytes JMP 01359020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 01358FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01350B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01350AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 01350C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 01352480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 01352530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 01359FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 01356880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 01359F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 013599F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 01359970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 01359CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D92E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D975D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D97390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 56, 84 ]
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D909A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D90A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D8D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D95F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D96010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D915B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D95A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D95AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D90B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D90AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D90C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D92480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D92530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D99FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D96880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D99F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D999F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D99970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D99CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ws2_32.dll!send 71AB428A 5 Bytes JMP 00D99020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\DellSupport\DSAgnt.exe[3172] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D98FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DB2E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00DB75D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[3392] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DB7390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 58, 84 ]
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DB09A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DB0A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00DAD710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00DB5F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00DB6010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00DB15B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00DB5A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00DB5AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00DB0B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00DB0AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00DB0C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00DB2480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00DB2530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00DB9FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00DB6880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00DB9F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00DB99F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00DB9970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ole32.dll!StgOpenStorage 7750793D 3 Bytes JMP 00DB9CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] ole32.dll!StgOpenStorage + 4 77507941 1 Byte [ 89 ]
.text C:\WINDOWS\Explorer.EXE[3392] WS2_32.dll!send 71AB428A 5 Bytes JMP 00DB9020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\Explorer.EXE[3392] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00DB8FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dllhost.exe[3444] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, E7, 83 ]
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\dllhost.exe[3444] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\dllhost.exe[3444] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dllhost.exe[3444] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 40, 84 ]
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\ehome\ehtray.exe[3592] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SetScrollInfo 7E419056 7 Bytes JMP 022FD5F7 C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!GetScrollInfo 7E420DA2 7 Bytes JMP 022FD57F C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!ShowScrollBar 7E42F2B3 5 Bytes JMP 022FD67B C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!GetScrollPos 7E42F6C4 5 Bytes JMP 022FD5A7 C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SetScrollPos 7E42F710 5 Bytes JMP 022FD622 C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!GetScrollRange 7E42F747 5 Bytes JMP 022FD5CC C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SetScrollRange 7E42F95B 5 Bytes JMP 022FD64D C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] USER32.dll!EnableScrollBar 7E467DDD 7 Bytes JMP 022FD557 C:\Program Files\SpyCatcher\skin.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Protector.exe[3608] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\hkcmd.exe[3628] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\igfxpers.exe[3672] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D92E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D975D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D97390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 56, 84 ]
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D909A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D90A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D8D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D95F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D96010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D915B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D95A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D95AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D90B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D90AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D90C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D92480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D92530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D99FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D96880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D99F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D999F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D99970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Java\jre6\bin\jusched.exe[3700] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D99CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 19, 84 ]
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\dla\tfswctrl.exe[3728] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3E, 84 ]
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 18, 84 ]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\WINDOWS\system32\LVCOMSX.EXE[3760] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DD2E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00DD75D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00DD7390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 5A, 84 ]
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00DD09A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00DD0A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00DCD710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00DD5F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00DD6010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00DD15B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00DD5A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00DD5AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00DD0B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00DD0AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00DD0C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00DD2480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00DD2530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00DD9FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00DD6880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00DD9F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00DD99F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00DD9970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00DD9CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtCreateFile 7C90D682 5 Bytes JMP 025359A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtCreateKey 7C90D6D6 5 Bytes JMP 02538370 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtDeleteValueKey 7C90D8CE 5 Bytes JMP 02538480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 02532E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 025375D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ntdll.dll!NtSetValueKey 7C90E7BC 5 Bytes JMP 02538400 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02537390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 025309A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02530A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 0252D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 02535F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 02536010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 025315B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ C7, A1, C3, 83 ]
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 02535A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 02535AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 02530B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 02530AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 02530C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 02532480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 02532530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 02539FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 02536880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 02539F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 025399F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 02539970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 02539CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] WS2_32.dll!send 71AB428A 5 Bytes JMP 02539020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3840] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 02538FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 31, 84 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00D699F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00D69970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F92E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00F975D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F97390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 5D, 84 ]
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F909A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F90A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00F8D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00F95F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00F96010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00F915B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00F95A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00F95AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00F99FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00F96880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00F99F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 00F999F0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00F99970 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00F90B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00F90AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00F90C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00F92480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00F92530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00F99CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] WS2_32.dll!send 71AB428A 5 Bytes JMP 00F99020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00F98FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\New Tier\Communicator\tray_stub.exe[4112] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, BC, 83 ]
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Judd Fasold\Desktop\gmer.exe[4208] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3D, 84 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe[4252] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01392E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 013975D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01397390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, A2, 84 ]
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 013909A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01390A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 0138D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 01395F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 01396010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 013915B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 01395A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 01395AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 01390B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 01390AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 01390C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 01392480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 01392530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 01399FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 01396880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 01399F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 01399CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ws2_32.dll!send 71AB428A 5 Bytes JMP 01399020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Documents and Settings\Judd Fasold\Application Data\U3\0000167EB774CB51\LaunchPad.exe[4320] ws2_32.dll!WSASend 71AB6233 5 Bytes JMP 01398FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 2F, 84 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] WS2_32.dll!send 71AB428A 5 Bytes JMP 00D69020 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe[4848] WS2_32.dll!WSASend 71AB6233 5 Bytes JMP 00D68FA0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00D62E80 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtSetSystemInformation 7C90E729 5 Bytes JMP 00D675D0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D67390 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes [ 47, E4, 3E, 84 ]
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D609A0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D60A30 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!CloseHandle 7C809B47 5 Bytes JMP 00D5D710 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 00D65F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!FreeLibraryAndExitThread 7C80C170 5 Bytes JMP 00D66010 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 00D615B0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!WriteFile 7C810D87 5 Bytes JMP 00D65A40 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] kernel32.dll!WriteFileEx 7C85C701 5 Bytes JMP 00D65AB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ADVAPI32.dll!CreateProcessAsUserW 77DF7775 5 Bytes JMP 00D60B60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ADVAPI32.dll!CreateProcessAsUserA 77E10958 5 Bytes JMP 00D60AC0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ADVAPI32.dll!CreateProcessWithLogonW 77E15C9D 5 Bytes JMP 00D60C00 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ADVAPI32.dll!CreateServiceA 77E37071 5 Bytes JMP 00D62480 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ADVAPI32.dll!CreateServiceW 77E37209 5 Bytes JMP 00D62530 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] USER32.dll!SystemParametersInfoW 7E419F06 5 Bytes JMP 00D69FD0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] USER32.dll!GetAsyncKeyState 7E41F3B3 5 Bytes JMP 00D66880 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] USER32.dll!SystemParametersInfoA 7E420762 5 Bytes JMP 00D69F60 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe[5048] ole32.dll!StgOpenStorage 7750793D 5 Bytes JMP 00D69CB0 C:\WINDOWS\system32\Protector.dll (API Guard/Tenebril Inc.)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[128] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[128] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\PPMemCheck.exe[200] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\PPControl.exe[208] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\PPControl.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\PROGRA~1\PESTPA~1\PPControl.exe[208] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\PPControl.exe[208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsAuxs.exe[264] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe[476] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Video\LogiTray.exe[480] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Video\LogiTray.exe[480] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Video\LogiTray.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Logitech\Video\LogiTray.exe[480] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[556] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[556] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\winlogon.exe [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\winlogon.exe[664] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\services.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\lsass.exe[724] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\iTunes\iTunesHelper.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\iTunes\iTunesHelper.exe[824] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\iTunes\iTunesHelper.exe[824] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\iTunes\iTunesHelper.exe[824] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[916] @ c:\windows\system32\rpcss.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[916] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[968] @ c:\windows\system32\rpcss.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1008] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\eHome\ehSched.exe[1464] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\eHome\ehSched.exe[1464] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\system32\svchost.exe[1504] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\Program Files\Java\jre6\bin\jqs.exe[1688] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\USERENV.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\System32\svchost.exe[1840] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\WINDOWS\ehome\mcrdsvc.exe[1896] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe[1908] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe[1976] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Trend Micro\Internet Security 12\TMAS_OE\TMAS_OEMon.exe[2140] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[2188] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe[2256] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\PESTPA~1\CookiePatrol.exe[2288] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!NtDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F340000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwDeleteValueKey] 5F140000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!ZwCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F390000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtSetValueKey] 5F100000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!NtCreateKey] 5F050000
IAT C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe[2324] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!NtCreateFile] 5F1B0000
IAT C:\WINDOWS\system32\ctfmon.exe[2448] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\ctfmon.exe[2448] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\ctfmon.exe[2448] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\system32\ctfmon.exe[2448] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Messenger\msmsgs.exe[2696] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Messenger\msmsgs.exe[2696] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Messenger\msmsgs.exe[2696] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Messenger\msmsgs.exe[2696] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2860] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Veoh Networks\Veoh\VeohClient.exe[2912] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\DellSupport\DSAgnt.exe[3172] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\DellSupport\DSAgnt.exe[3172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\DellSupport\DSAgnt.exe[3172] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\DellSupport\DSAgnt.exe[3172] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\Explorer.EXE[3392] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\ehome\ehtray.exe[3592] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\ehome\ehtray.exe[3592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\ehome\ehtray.exe[3592] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\ehome\ehtray.exe[3592] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Protector.exe[3608] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Protector.exe[3608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\SpyCatcher\Protector.exe[3608] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Protector.exe[3608] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\hkcmd.exe[3628] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\hkcmd.exe[3628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\system32\hkcmd.exe[3628] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\hkcmd.exe[3628] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\igfxpers.exe[3672] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\igfxpers.exe[3672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\system32\igfxpers.exe[3672] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\igfxpers.exe[3672] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3700] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3700] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Java\jre6\bin\jusched.exe[3700] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3728] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3728] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\dla\tfswctrl.exe[3728] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe[3752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\LVCOMSX.EXE[3760] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\LVCOMSX.EXE[3760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\WINDOWS\system32\LVCOMSX.EXE[3760] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\WINDOWS\system32\LVCOMSX.EXE[3760] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe[3768] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[3824] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F0D0000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!SetWindowsHookExW] 5F0D0000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F050000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F0D0000
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3840] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F090000
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe[3932] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\SpyCatcher\Scheduler daemon.exe[3956] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExA] 5F2F0000
IAT C:\Program Files\Real\RealPlayer\RealPlay.exe[4088] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000

---- Devices - GMER 1.0.14 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver/Trend Micro Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.14 ----

Re: Device or hook trying to install

Unread postby Carolyn » January 12th, 2009, 3:33 pm

Hi,

I notice that there is more than one antivirus program installed on your computer. This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow MORE viruses to get through. When you have more than one antivirus program installed at the same time, they conflict with each other rendering the computer vulnerable or unusable.

It is NOT safe to have more than one anti-virus installed on a system, and doing so not only does NOT provide better protection, it will actually cause additional problems. Anti-virus programs patch into the system kernel. Having more than one anti-virus patching into the system kernel will not only destabilize a system, it can corrupt system files and it WILL cause crashes!


Your log indicates that Trend Micro Antivirus is outdated. If this is because your subscription has expired and you are now using Spyware Doctor with AntiVirus instead, then please uninstall Trend Micro PC-cillin Internet Security.
  • Go to "Start -> Control Panel -> Add/Remove Programs" and uninstall the following programs:
      • Trend Micro PC-cillin Internet Security <--- uninstall this only if your subscription has expired
      • Norton Security Scan

If your subscription to Trend Micro has not expired and you want to keep that program, please uninstall Spyware Doctor instead.

-------------------------------------------------------------------------

Uninstall Ask Toolbar
I recommend that you uninstall Ask Toolbar due to that company's use of deceptive and otherwise questionable practices.
Please read this article, Current Practices of IAC/Ask Toolbars.
If you decide to uninstall Ask Toolbar, you can do so as follows:
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Ask Toolbar, click Remove.

-------------------------------------------------------------------------

Please download Malwarebytes' Anti-Malware and save it to a convenient location.
  1. Double click on mbam-setup.exe to install it.
  2. Before clicking the Finish button, make sure that these 2 boxes are checked (ticked):
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
  3. Malwarebytes' Anti-Malware will now check for updates. If your firewall prompts, please allow it. If you can't update it, select the Update tab. Under Update Mirror, select one of the websites and click on Check for Updates.
  4. Select the Scanner tab. Click on Perform full scan, then click on Scan.
  5. Leave the default options as they are and click on Start Scan.
  6. When done, you will be prompted. Click OK, then click on Show Results.
  7. Check (tick) all items and click on Remove Selected.
  8. After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest.

Next,
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please post the following:
  1. The Malwarebytes' Anti-Malware log
  2. The contents of log.txt
  3. The contents of info.txt

Re: Device or hook trying to install

Unread postby fasoldr » January 12th, 2009, 3:49 pm

Thank you for the advice. There are actually THREE antispyware programs on the computer: PC-cillin, Spyware Doctor with Antispyware and Spycatcher. PC-cillin is expired, so I will uninstall it (OK to use Revo Uninstaller?), and also one of the others. I will also remove the Ask toolbar.

I have run Malwarebytes' Anti-Malware, but it's been a while. It did remove some nasties from the system. I'll run it again.

I tried to run RSIT a couple of weeks ago, at Shaba's suggestion, and it refused to start. I'll try again, after removing the excess spyware programs.

Ralph

Re: Device or hook trying to install

Unread postby Carolyn » January 12th, 2009, 4:07 pm

I've never used Revo Uninstaller myself. I would suggest that you use the uninstaller that came with Trend Micro first. Here is a link from the Trend Micro site

http://esupport.trendmicro.com/support/ ... 2#P41_1729

The problems you had before with RSIT may very well have had to do with the security products installed on the computer. Let me know how it goes this time.

Re: Device or hook trying to install

Unread postby fasoldr » January 16th, 2009, 8:16 pm

Hi Carolyn,

My son is an adult with his own family and I do not have ready access to his computer. I am eager to try your suggestions, but I've had a small health problem that is keeping me from going to my son's house. I hope I can keep this topic open for a few more days, without having to start it over.

Thanks for all your help.

-Ralph

Re: Device or hook trying to install

Unread postby Carolyn » January 16th, 2009, 8:36 pm

I am sorry to hear that you have been ill. We can keep this topic open for a few days. If you don't reply to this thread for 5 days, it will be closed for inactivity, so don't be a stranger. ;)

Feel better,
Carolyn

Re: Device or hook trying to install

Unread postby NonSuch » January 21st, 2009, 9:23 pm

Due to lack of activity, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.