Google search results redirected


  • This topic is locked
12 replies to this topic

#1 plesh

Posted 05 April 2010 - 08:14 PM

Hi
Google search results are being redirected
And some sites are being blocked, S-Bot updates etc

Files as requested are attached


DDS (Ver_10-03-17.01) - NTFSx86
Run by Plesh at 10:18:02.43 on Tue 06/04/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_19
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3038.1741 [GMT 10:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Telstra\BigPond Connection Client\BigPondCC.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SMINST\BLService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Plesh\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.8.0.41\IPSBHO.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [BigPond Connection Client] c:\program files\telstra\bigpond connection client\BigPondCC.exe
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [UCam_Menu] "c:\program files\hewlett-packard\media\webcam\muitransfer\muistartmenu.exe" "c:\program files\hewlett-packard\media\webcam" update "software\hewlett-packard\media\Webcam"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [TVAgent] "c:\program files\hewlett-packard\media\tv\TVAgent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &AOL Toolbar Search - c:\programdata\aol\ietoolbar\resources\en-au\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
TCP: NameServer = 93.188.162.16,93.188.161.55
TCP: {41BE3CA1-8393-4C6E-9219-9C5D6E0B15BD} = 93.188.162.16,93.188.161.55
TCP: {64BF6043-B4BA-48EC-A900-04A2F0BED21C} = 93.188.162.16,93.188.161.55
TCP: {F584D7A4-4137-4144-8F14-C64030DFDD23} = 93.188.162.16,93.188.161.55
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.8.0.41\CoIEPlg.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\plesh\appdata\roaming\mozilla\firefox\profiles\txi0abgh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-5 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308000.029\SymEFA.sys [2010-2-2 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308000.029\BHDrvx86.sys [2010-2-2 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308000.029\cchpx86.sys [2010-2-2 482432]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100326.001\IDSvix86.sys [2010-3-26 343088]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/07/20 03:38:38];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-11-29 87536]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_827e372d\AEstSrv.exe [2009-3-2 81920]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-5 112592]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-4-2 67584]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-2-2 117640]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2009-1-20 365952]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-4-2 582992]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-5 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-5 1141712]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);c:\program files\hewlett-packard\media\tv\kernel\tv\TVSched.exe [2009-2-9 116096]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2009-7-20 1114880]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2009-1-20 222512]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-9-5 54784]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-22 102448]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-10-23 107360]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360\0308000.029\symndisv.sys [2010-2-2 48688]
R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-4-2 206608]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-18 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-7 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-10-6 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-10-6 8320]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-4-2 206608]

=============== Created Last 30 ================

2010-04-06 00:15:59 0 ----a-w- c:\users\plesh\defogger_reenable
2010-04-05 10:22:51 0 d-----w- c:\users\plesh\appdata\roaming\PC Tools
2010-04-05 10:22:51 0 d-----w- c:\programdata\PC Tools
2010-04-05 10:22:51 0 d-----w- c:\program files\Spyware Doctor
2010-04-05 10:22:51 0 d-----w- c:\program files\common files\PC Tools
2010-04-02 05:18:42 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-04-01 21:27:39 0 d-----w- c:\program files\Cobian Backup 8
2010-04-01 21:08:38 0 d-----w- c:\program files\Cobian Backup 10
2010-04-01 04:58:53 0 d-----w- c:\programdata\Sun
2010-03-30 10:01:10 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-30 10:01:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-28 05:41:14 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-04-05 23:44:55 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-05 23:44:55 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-04-02 05:19:39 86016 ----a-w- c:\windows\inf\infstor.dat
2010-03-08 18:28:20 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 12:56:38 22308 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-07 09:27:07 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-01-07 08:02:30 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-12-31 02:32:18 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-20 07:00:57 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:19:51.05 ===============


#2 Elise

Posted 09 April 2010 - 05:18 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 plesh

Posted 09 April 2010 - 08:40 AM

Hi Elise, and thanks for your response and help!

Just to let you know what's going on here, the first thing (I noticed) was Google redirection etc., but then there were problems connecting to security-based web sites and/or downloading updates to security-based programs. Then there is a pop-up, fun but it popped up straight after I downloaded OTL, looks authentic, "Windows Internet Security" Your Browser is under the threat of infection. Windows requires your permission to install on line protection tool. ?? I have it as a screenshot if you want more info on that one.

I couldn't find the 2nd OTL file? There was nothing else minimized to the toolbar? (extra.txt)

The files wouldn't fit in one post, so the OTL is below and the GMER is in the next post to follow.


OTL logfile created on: 9/04/2010 8:42:48 PM - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Plesh\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.53 Gb Total Space | 347.89 Gb Free Space | 76.54% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 430.31 Gb Free Space | 92.39% Space Free | Partition Type: NTFS
Drive E: | 11.23 Gb Total Space | 1.85 Gb Free Space | 16.50% Space Free | Partition Type: NTFS
Drive F: | 2.58 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PLESH-PC
Current User Name: Plesh
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/09 20:35:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Plesh\Desktop\OTL.exe
PRC - [2010/03/30 09:49:58 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) -- C:\Program Files\Cobian Backup 10\cbVSCService.exe
PRC - [2010/01/18 14:14:26 | 001,286,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/11/11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/27 09:14:22 | 000,128,000 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2009/09/10 05:21:57 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2009/08/22 18:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
PRC - [2009/06/03 20:43:18 | 000,450,652 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 16:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2009/02/09 18:13:36 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/26 06:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/26 06:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/18 10:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/11/29 11:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/19 12:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/11/06 11:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2008/06/20 06:17:36 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/06/20 06:17:36 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/03/18 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007/09/14 11:50:00 | 001,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/09 20:35:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Plesh\Desktop\OTL.exe
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/09/09 22:54:58 | 000,155,184 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2009/04/11 16:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/30 09:49:58 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files\Cobian Backup 10\cbVSCService.exe -- (cbVSCService)
SRV - [2010/01/18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/12/09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/11/10 10:28:08 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/25 11:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/22 18:14:09 | 000,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe -- (N360)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/06/03 20:43:18 | 000,217,170 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\stacsv.exe -- (STacSV)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/03/02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\AEstSrv.exe -- (AESTFilters)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2009/02/09 18:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2009/02/09 18:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/12/18 10:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/11/24 22:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/06 11:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2008/03/18 22:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/01/21 12:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/02/03 19:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100408.039\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 19:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100408.039\NAVENG.SYS -- (NAVENG)
DRV - [2009/12/23 08:33:24 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/16 19:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/16 19:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/10/29 08:37:22 | 000,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100402.001\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/06 11:56:34 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009/10/06 11:56:32 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/10/06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/09/23 16:10:06 | 000,207,280 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/09/02 03:09:24 | 000,176,128 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009/08/22 18:14:09 | 000,482,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2009/08/22 18:14:09 | 000,310,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SYMEFA.SYS -- (SymEFA)
DRV - [2009/08/22 18:14:09 | 000,308,272 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\Drivers\N360\0308000.029\SRTSP.SYS -- (SRTSP)
DRV - [2009/08/22 18:14:09 | 000,259,632 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/08/22 18:14:09 | 000,217,136 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/22 18:14:09 | 000,089,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/22 18:14:09 | 000,048,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0308000.029\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2009/08/22 18:14:09 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0308000.029\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/08/22 18:13:59 | 000,025,648 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/06/03 20:43:18 | 000,407,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/01/20 17:00:55 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/01/20 17:00:55 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/01/20 17:00:55 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2009/01/01 00:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/12/03 12:03:00 | 001,114,880 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerBDA716x.sys -- (AVerBDA6x)
DRV - [2008/11/29 11:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/07/20 03:38:38] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/11/17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/10/23 19:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/09 15:42:42 | 000,017,408 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/09/05 03:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/25 02:48:04 | 000,201,264 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/06/23 21:54:08 | 000,081,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/06/23 21:54:08 | 000,080,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/06/23 21:54:08 | 000,016,168 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/03/28 05:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/28 05:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 03:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2008/01/21 12:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 12:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 12:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 12:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 12:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 12:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 12:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 12:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 12:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 12:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 12:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 12:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 12:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 12:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 12:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 12:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 12:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 12:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 12:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 12:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 12:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 12:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/06/19 10:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 19:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 19:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 19:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 19:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 19:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 19:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 19:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 19:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 19:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 19:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 19:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 18:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 18:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 18:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 18:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 18:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 18:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 17:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 17:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com.au/"
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.723

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/12/26 08:51:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2010/04/08 16:59:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/01 03:18:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/01 03:19:00 | 000,000,000 | ---D | M]

[2009/09/16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Plesh\AppData\Roaming\Mozilla\Extensions
[2009/09/16 18:35:27 | 000,000,000 | ---D | M] -- C:\Users\Plesh\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2010/04/06 17:33:02 | 000,000,000 | ---D | M] -- C:\Users\Plesh\AppData\Roaming\Mozilla\Firefox\Profiles\txi0abgh.default\extensions
[2009/09/10 05:08:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Plesh\AppData\Roaming\Mozilla\Firefox\Profiles\txi0abgh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/08 16:58:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/04/05 16:46:43 | 000,385,900 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13312 more lines...
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll File not found
O3 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003..\Run: [BigPond Connection Client] C:\Program Files\Telstra\BigPond Connection Client\BigPondCC.exe (Telstra Corporation)
O4 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O7 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..Trusted Domains: bigpond.com ([register] https in Local intranet)
O15 - HKU\S-1-5-21-1989398654-3191416751-2019218033-1003\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.16,93.188.161.55
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\CoIEPlg.dll (Symantec Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Plesh\Pictures\splashtop.jpg
O24 - Desktop BackupWallPaper: C:\Users\Plesh\Pictures\splashtop.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/16 07:53:15 | 000,000,062 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{51291860-9c91-11de-9d6c-806e6f6e6963}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 20:35:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Plesh\Desktop\OTL.exe
[2010/04/08 17:14:17 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Roaming\Opera
[2010/04/08 17:14:17 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Local\Opera
[2010/04/08 17:11:20 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010/04/07 18:21:14 | 000,000,000 | ---D | C] -- C:\Users\Plesh\Desktop\Tools
[2010/04/07 18:09:58 | 000,000,000 | ---D | C] -- C:\Program Files\QuickZip4
[2010/04/06 06:48:52 | 000,000,000 | ---D | C] -- C:\Users\Plesh\Desktop\Logs
[2010/04/06 06:26:10 | 000,000,000 | ---D | C] -- C:\Users\Plesh\Desktop\setups
[2010/04/05 20:23:46 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/04/05 20:23:46 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/04/05 20:23:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/04/05 20:23:21 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/04/05 20:23:21 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/04/05 20:23:15 | 000,207,280 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/04/05 20:23:14 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/04/05 20:23:04 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/04/05 20:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/05 20:22:51 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Roaming\PC Tools
[2010/04/05 20:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/05 20:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/02 16:29:11 | 000,670,072 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Plesh\Desktop\autoruns.exe
[2010/04/02 15:25:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/02 15:21:44 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/04/02 15:18:42 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\TMPassthru.sys
[2010/04/02 15:17:47 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Roaming\InstallShield
[2010/04/02 09:07:27 | 000,000,000 | ---D | C] -- C:\rsit
[2010/04/02 07:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 8
[2010/04/02 07:09:05 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Local\Safe mirror
[2010/04/02 07:08:38 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2010/04/02 06:59:03 | 015,194,112 | ---- | C] (Luis Cobian, CobianSoft) -- C:\Users\Plesh\Desktop\cbSetup.exe
[2010/04/01 14:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/01 14:58:24 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/01 14:58:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/01 14:58:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/03/31 19:35:09 | 006,509,608 | ---- | C] (Macrovision Corporation) -- C:\Users\Plesh\Desktop\RUBotted.exe
[2010/03/31 19:34:25 | 001,840,232 | ---- | C] (Trend Micro) -- C:\Users\Plesh\Desktop\HousecallLauncher.exe
[2010/03/30 21:06:56 | 000,000,000 | ---D | C] -- C:\Users\Plesh\AppData\Local\Threat Expert
[2010/03/30 20:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/03/30 20:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/03/28 16:31:52 | 000,000,000 | ---D | C] -- C:\Users\Plesh\Desktop\HiJackThis
[2010/03/28 15:41:14 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/15 08:16:14 | 000,000,000 | ---D | C] -- C:\Users\Plesh\Desktop\Tibet Map

========== Files - Modified Within 30 Days ==========

[2010/04/09 20:42:21 | 005,767,168 | -HS- | M] () -- C:\Users\Plesh\NTUSER.DAT
[2010/04/09 20:41:32 | 000,277,476 | ---- | M] () -- C:\Users\Plesh\Desktop\WIS.jpg
[2010/04/09 20:35:50 | 000,293,376 | ---- | M] () -- C:\Users\Plesh\Desktop\g95eyl4c.exe
[2010/04/09 20:35:18 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Plesh\Desktop\OTL.exe
[2010/04/09 20:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/09 19:47:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 19:47:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/09 19:10:48 | 000,264,136 | ---- | M] () -- C:\Users\Plesh\Documents\09042010_003_.jpeg
[2010/04/09 19:10:33 | 000,278,447 | ---- | M] () -- C:\Users\Plesh\Documents\09042010.jpeg
[2010/04/09 19:10:26 | 000,215,552 | ---- | M] () -- C:\Users\Plesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/09 18:11:49 | 000,011,762 | ---- | M] () -- C:\Users\Plesh\Documents\The Lancang River is the longest river flowing from north to south in China.docx
[2010/04/09 18:11:12 | 000,002,627 | ---- | M] () -- C:\Users\Plesh\Desktop\Word.lnk
[2010/04/09 17:29:03 | 000,113,611 | ---- | M] () -- C:\Users\Plesh\Desktop\Mekong_delta.jpg
[2010/04/09 16:20:10 | 000,002,633 | ---- | M] () -- C:\Users\Plesh\Desktop\Microsoft Office Outlook 2007.lnk
[2010/04/09 15:47:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/08 17:04:29 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/08 17:04:29 | 000,647,086 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/08 17:04:29 | 000,123,374 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/08 16:58:05 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/08 16:58:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/08 16:57:55 | 3184,738,304 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/08 06:40:19 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/04/08 06:40:16 | 000,524,288 | -HS- | M] () -- C:\Users\Plesh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 06:40:16 | 000,065,536 | -HS- | M] () -- C:\Users\Plesh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/08 06:40:10 | 003,950,400 | -H-- | M] () -- C:\Users\Plesh\AppData\Local\IconCache.db
[2010/04/07 18:22:41 | 000,000,931 | ---- | M] () -- C:\Users\Plesh\AppData\Roaming\QuickZip45.ini
[2010/04/06 10:15:59 | 000,000,000 | ---- | M] () -- C:\Users\Plesh\defogger_reenable
[2010/04/06 10:00:40 | 000,525,824 | ---- | M] () -- C:\Users\Plesh\Desktop\dds.scr
[2010/04/05 20:23:11 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/05 16:46:43 | 000,385,900 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/03 23:35:57 | 000,002,585 | ---- | M] () -- C:\Users\Plesh\Desktop\Excel.lnk
[2010/04/02 16:29:18 | 000,670,072 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\Plesh\Desktop\autoruns.exe
[2010/04/02 14:39:17 | 003,906,159 | ---- | M] () -- C:\Users\Plesh\Desktop\ComboFix.exe
[2010/04/02 14:38:15 | 000,050,477 | ---- | M] () -- C:\Users\Plesh\Desktop\Defogger.exe
[2010/04/02 06:59:04 | 015,194,112 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Users\Plesh\Desktop\cbSetup.exe
[2010/04/01 16:25:23 | 000,781,909 | ---- | M] () -- C:\Users\Plesh\Desktop\RSIT.exe
[2010/04/01 15:36:39 | 000,001,087 | ---- | M] () -- C:\Users\Plesh\Desktop\Spybot - Search & Destroy.lnk
[2010/03/31 19:57:10 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100405-164643.backup
[2010/03/31 19:37:40 | 000,000,036 | ---- | M] () -- C:\Users\Plesh\AppData\Local\housecall.guid.cache
[2010/03/31 19:35:09 | 006,509,608 | ---- | M] (Macrovision Corporation) -- C:\Users\Plesh\Desktop\RUBotted.exe
[2010/03/31 19:34:36 | 001,840,232 | ---- | M] (Trend Micro) -- C:\Users\Plesh\Desktop\HousecallLauncher.exe
[2010/03/29 17:31:00 | 000,006,836 | ---- | M] () -- C:\Users\Plesh\AppData\Local\d3d9caps.dat
[2010/03/27 10:58:03 | 000,009,399 | ---- | M] () -- C:\Users\Plesh\Desktop\To Do List.xlsx
[2010/03/24 19:33:05 | 000,011,272 | ---- | M] () -- C:\Users\Plesh\Documents\Book1.xlsx
[2010/03/20 13:51:48 | 000,012,496 | ---- | M] () -- C:\Users\Plesh\Documents\Every woman has that magic button that.docx
[2010/03/20 11:07:00 | 004,075,064 | ---- | M] () -- C:\Users\Plesh\Desktop\iphone_user_guide.pdf
[2010/03/15 15:07:56 | 000,091,841 | ---- | M] () -- C:\Users\Plesh\Desktop\23056989.jpg
[2010/03/15 09:00:54 | 000,072,970 | ---- | M] () -- C:\Users\Plesh\Desktop\confbr.rtf
[2010/03/15 08:44:46 | 000,189,600 | ---- | M] () -- C:\Users\Plesh\Desktop\panneau26br.jpg
[2010/03/15 07:41:00 | 003,652,391 | ---- | M] () -- C:\Users\Plesh\Documents\Great Story.wmv
[2010/03/15 07:33:00 | 001,875,968 | ---- | M] () -- C:\Users\Plesh\Documents\accident-drift-lituanie.mpg
[2010/03/11 17:29:31 | 000,026,037 | ---- | M] () -- C:\Users\Plesh\Desktop\651828281_1036211167.csv

========== Files Created - No Company Name ==========

[2010/04/09 20:41:32 | 000,277,476 | ---- | C] () -- C:\Users\Plesh\Desktop\WIS.jpg
[2010/04/09 20:35:50 | 000,293,376 | ---- | C] () -- C:\Users\Plesh\Desktop\g95eyl4c.exe
[2010/04/09 19:10:48 | 000,264,136 | ---- | C] () -- C:\Users\Plesh\Documents\09042010_003_.jpeg
[2010/04/09 19:10:33 | 000,278,447 | ---- | C] () -- C:\Users\Plesh\Documents\09042010.jpeg
[2010/04/09 18:11:49 | 000,011,762 | ---- | C] () -- C:\Users\Plesh\Documents\The Lancang River is the longest river flowing from north to south in China.docx
[2010/04/09 17:28:29 | 000,113,611 | ---- | C] () -- C:\Users\Plesh\Desktop\Mekong_delta.jpg
[2010/04/07 18:21:10 | 000,000,931 | ---- | C] () -- C:\Users\Plesh\AppData\Roaming\QuickZip45.ini
[2010/04/06 10:15:59 | 000,000,000 | ---- | C] () -- C:\Users\Plesh\defogger_reenable
[2010/04/06 10:00:35 | 000,525,824 | ---- | C] () -- C:\Users\Plesh\Desktop\dds.scr
[2010/04/05 20:23:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/04/05 20:23:46 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/04/05 20:23:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/04/05 20:23:46 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/04/05 20:23:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/04/05 20:23:21 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/04/05 20:23:15 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/04/05 20:23:14 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/04/05 20:23:11 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/04/05 20:23:04 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/04/02 14:39:16 | 003,906,159 | ---- | C] () -- C:\Users\Plesh\Desktop\ComboFix.exe
[2010/04/02 14:38:13 | 000,050,477 | ---- | C] () -- C:\Users\Plesh\Desktop\Defogger.exe
[2010/04/01 16:24:26 | 000,781,909 | ---- | C] () -- C:\Users\Plesh\Desktop\RSIT.exe
[2010/04/01 15:30:46 | 000,001,087 | ---- | C] () -- C:\Users\Plesh\Desktop\Spybot - Search & Destroy.lnk
[2010/03/31 19:37:40 | 000,000,036 | ---- | C] () -- C:\Users\Plesh\AppData\Local\housecall.guid.cache
[2010/03/24 19:33:04 | 000,011,272 | ---- | C] () -- C:\Users\Plesh\Documents\Book1.xlsx
[2010/03/20 13:51:48 | 000,012,496 | ---- | C] () -- C:\Users\Plesh\Documents\Every woman has that magic button that.docx
[2010/03/20 11:07:00 | 004,075,064 | ---- | C] () -- C:\Users\Plesh\Desktop\iphone_user_guide.pdf
[2010/03/15 15:08:08 | 000,091,841 | ---- | C] () -- C:\Users\Plesh\Desktop\23056989.jpg
[2010/03/15 09:00:54 | 000,072,970 | ---- | C] () -- C:\Users\Plesh\Desktop\confbr.rtf
[2010/03/15 08:46:19 | 000,189,600 | ---- | C] () -- C:\Users\Plesh\Desktop\panneau26br.jpg
[2010/03/15 07:41:00 | 003,652,391 | ---- | C] () -- C:\Users\Plesh\Documents\Great Story.wmv
[2010/03/15 07:33:00 | 001,875,968 | ---- | C] () -- C:\Users\Plesh\Documents\accident-drift-lituanie.mpg
[2010/03/11 17:29:30 | 000,026,037 | ---- | C] () -- C:\Users\Plesh\Desktop\651828281_1036211167.csv
[2010/02/22 16:52:31 | 000,000,632 | RHS- | C] () -- C:\Users\Plesh\ntuser.pol
[2010/02/13 14:11:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/02/01 05:47:47 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2010/01/09 13:20:33 | 000,004,096 | -H-- | C] () -- C:\Users\Plesh\AppData\Local\keyfile3.drm
[2009/09/18 17:37:09 | 000,006,836 | ---- | C] () -- C:\Users\Plesh\AppData\Local\d3d9caps.dat
[2009/09/18 06:53:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/09 17:49:40 | 000,215,552 | ---- | C] () -- C:\Users\Plesh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/08 19:24:13 | 000,000,000 | ---- | C] () -- C:\Users\Plesh\AppData\Local\QSwitch.txt
[2009/09/08 19:24:13 | 000,000,000 | ---- | C] () -- C:\Users\Plesh\AppData\Local\DSwitch.txt
[2009/09/08 19:24:13 | 000,000,000 | ---- | C] () -- C:\Users\Plesh\AppData\Local\AtStart.txt
[2009/09/08 19:23:54 | 000,048,626 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/09/08 19:10:39 | 000,000,020 | -HS- | C] () -- C:\Users\Plesh\ntuser.ini
[2009/09/08 19:10:38 | 005,767,168 | -HS- | C] () -- C:\Users\Plesh\NTUSER.DAT
[2009/09/08 19:10:38 | 000,524,288 | -HS- | C] () -- C:\Users\Plesh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009/09/08 19:10:38 | 000,524,288 | -HS- | C] () -- C:\Users\Plesh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009/09/08 19:10:38 | 000,262,144 | -H-- | C] () -- C:\Users\Plesh\ntuser.dat.LOG1
[2009/09/08 19:10:38 | 000,065,536 | -HS- | C] () -- C:\Users\Plesh\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009/09/08 19:10:38 | 000,000,000 | -H-- | C] () -- C:\Users\Plesh\ntuser.dat.LOG2
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/31 11:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/07/20 20:46:23 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/07/20 20:46:13 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/07/20 20:45:47 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/07/20 20:45:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/07/20 20:44:14 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/07/20 20:10:03 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/01/20 17:07:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/20 17:03:11 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/20 17:01:48 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/20 17:00:50 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/31 22:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 22:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 17:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/15 06:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8



Cheers Elise, and thanks!


#4 Elise


Posted 09 April 2010 - 08:55 AM

I'm missing the GMER log.

regards, Elise




#5 plesh


Posted 09 April 2010 - 09:23 AM

Hi Elise

The GMER File in 3 sections

No1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-09 22:46:36
Windows 6.0.6002 Service Pack 2
Running: g95eyl4c.exe; Driver: C:\Users\Plesh\AppData\Local\Temp\kglcapoc.sys


---- System - GMER 1.0.15 ----

SSDT 89DF52C8 ZwAlertResumeThread
SSDT 89F0A880 ZwAlertThread
SSDT 89DC8130 ZwAllocateVirtualMemory
SSDT 89BAA2F8 ZwAlpcConnectPort
SSDT 89F1F120 ZwAssignProcessToJobObject
SSDT 89F50BE8 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x8A980CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x8A980ECE]
SSDT 89F59BC0 ZwCreateSymbolicLinkObject
SSDT 89F14D88 ZwCreateThread
SSDT 89F2A630 ZwDebugActiveProcess
SSDT 89DC8008 ZwDuplicateObject
SSDT 8A1FF988 ZwFreeVirtualMemory
SSDT 89D59948 ZwImpersonateAnonymousToken
SSDT 89D7D0F8 ZwImpersonateThread
SSDT 89B71618 ZwLoadDriver
SSDT 89F47928 ZwMapViewOfSection
SSDT 89F04110 ZwOpenEvent
SSDT 8A7992B0 ZwOpenProcess
SSDT 89DE0EB0 ZwOpenProcessToken
SSDT 89F24F08 ZwOpenSection
SSDT 89F45E58 ZwOpenThread
SSDT 89F574B0 ZwProtectVirtualMemory
SSDT 89DE2150 ZwResumeThread
SSDT 89DE8960 ZwSetContextThread
SSDT 89F47398 ZwSetInformationProcess
SSDT 89F284D0 ZwSetSystemInformation
SSDT 89F13118 ZwSuspendProcess
SSDT 89DFA1F0 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x8A980982]
SSDT 89DED870 ZwTerminateThread
SSDT 89DE9BE8 ZwUnmapViewOfSection
SSDT 89F49008 ZwWriteVirtualMemory
SSDT 89F58378 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8A9810D6]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 11D 81EC3880 8 Bytes [C8, 52, DF, 89, 80, A8, F0, ...]
.text ntkrnlpa.exe!KeSetEvent + 131 81EC3894 4 Bytes [30, 81, DC, 89]
.text ntkrnlpa.exe!KeSetEvent + 13D 81EC38A0 4 Bytes [F8, A2, BA, 89]
.text ntkrnlpa.exe!KeSetEvent + 191 81EC38F4 4 Bytes [20, F1, F1, 89]
.text ntkrnlpa.exe!KeSetEvent + 209 81EC396C 8 Bytes [DC, 0C, 98, 8A, CE, 0E, 98, ...]
.text ...
.rsrc C:\Windows\system32\drivers\atapi.sys entry point in ".rsrc" section [0x82900000]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F00C000, 0x2311A4, 0xE8000020]
.text C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl section is writeable [0xA195D000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in ".vmp2" section [0xA1980050]
? C:\Windows\system32\Drivers\PROCEXP140.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[272] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[272] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\taskeng.exe[332] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[332] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Windows\system32\taskeng.exe[332] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskeng.exe[332] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[332] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[332] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\aestsrv.exe[540] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[564] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[564] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[628] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\wininit.exe[628] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[636] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[636] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[672] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\services.exe[672] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[692] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\lsm.exe[692] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\winlogon.exe[800] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[828] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[828] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\unsecapp.exe[836] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wbem\unsecapp.exe[836] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\unsecapp.exe[836] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\unsecapp.exe[836] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\unsecapp.exe[836] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[880] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[880] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[940] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[940] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1036] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1036] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1120] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1120] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_827e372d\STacSV.exe[1164] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1296] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1364] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Ati2evxx.exe[1524] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\Ati2evxx.exe[1524] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Hpservice.exe[1536] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\Hpservice.exe[1536] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1640] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1640] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[1980] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\Dwm.exe[1980] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1988] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\spoolsv.exe[1988] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1996] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\taskeng.exe[1996] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A




#6 plesh

Posted 09 April 2010 - 09:25 AM

No 2

.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[2020] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\Explorer.EXE[2020] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[2056] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\agrsmsvc.exe[2056] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2084] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2448] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[2512] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe[2544] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2612] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[2612] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SMINST\BLService.exe[2636] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\SMINST\BLService.exe[2636] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\CyberLink\Shared files\RichVideo.exe[2704] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2720] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe[2740] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe[2748] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe[2756] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe[2772] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe[2784] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2828] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[2864] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe[2900] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[2960] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[3060] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3092] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[3164] kernel32.dll!CreateThread + 1A 77E1C928 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3172] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3180] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A




#7 plesh


Posted 09 April 2010 - 09:30 AM

No 3



.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe[3244] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\IDT\WDM\sttray.exe[3268] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\IDT\WDM\sttray.exe[3268] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\IDT\WDM\sttray.exe[3268] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDT\WDM\sttray.exe[3268] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\IDT\WDM\sttray.exe[3268] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3280] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[3280] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[3368] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[3380] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3396] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3440] kernel32.dll!CreateThread + 1A 77E1C928 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[3496] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[3564] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe[3652] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe[3668] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3708] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F3E0F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F370F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3716] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F410F5A
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3744] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [29, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [23, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [20, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [1A, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [1D, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [32, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [26, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3960] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4016] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4016] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [35, 5F]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[4016] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]

#8 plesh


Posted 09 April 2010 - 09:31 AM

and 3.5

.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5220] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[5220] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe[5592] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5652] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5652] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5652] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5652] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Windows\system32\DllHost.exe[5756] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\DllHost.exe[5756] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\DllHost.exe[5756] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\DllHost.exe[5756] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\DllHost.exe[5756] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Windows\system32\DllHost.exe[5756] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[5772] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[5988] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] KERNEL32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[6060] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtClose 77CB4314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtClose + 4 77CB4318 2 Bytes [42, 5F] {INC EDX; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateFile 77CB43D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateFile + 4 77CB43D8 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateKey 77CB4414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateKey + 4 77CB4418 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateProcess 77CB4494 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateProcess + 4 77CB4498 2 Bytes [36, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateProcessEx 77CB44A4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateProcessEx + 4 77CB44A8 2 Bytes [39, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateSection 77CB44C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateSection + 4 77CB44C8 2 Bytes [30, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtDeleteKey 77CB47C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtDeleteKey + 4 77CB47C8 2 Bytes [18, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtDeleteValueKey 77CB47F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtDeleteValueKey + 4 77CB47F8 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtRenameKey 77CB50C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtRenameKey + 4 77CB50C8 2 Bytes [21, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtSetInformationFile 77CB52E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtSetInformationFile + 4 77CB52E8 2 Bytes [2D, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtSetValueKey 77CB5454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtSetValueKey + 4 77CB5458 2 Bytes [1B, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtTerminateProcess 77CB54F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtTerminateProcess + 4 77CB54F8 2 Bytes [3C, 5F] {CMP AL, 0x5f}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteFile 77CB5644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteFile + 4 77CB5648 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteFileGather 77CB5654 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteFileGather + 4 77CB5658 2 Bytes [2A, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteVirtualMemory 77CB5674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtWriteVirtualMemory + 4 77CB5678 2 Bytes [3F, 5F] {AAS ; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateUserProcess 77CB5804 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] ntdll.dll!NtCreateUserProcess + 4 77CB5808 2 Bytes [33, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] kernel32.dll!LoadLibraryExW 77DF9109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[6772] USER32.dll!ChangeDisplaySettingsExA 76A66FE7 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\WUDFHost.exe[6772] USER32.dll!SetForegroundWindow 76A6B8A6 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\WUDFHost.exe[6772] USER32.dll!SetWindowPos 76A735E3 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[6772] USER32.dll!SetWindowPos + 4 76A735E7 2 Bytes [0B, 5F]
.text C:\Windows\system32\WUDFHost.exe[6772] USER32.dll!ChangeDisplaySettingsExW 76AAA9E4 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[3164] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[3164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3440] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[3440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort1 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort2 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort3 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
Device \Driver\BTHUSB \Device\000000c1 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000c1 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\BTHUSB \Device\000000bf bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000bf bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247ea09747
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00247ea09747@002668c15438 0xF5 0x4B 0x38 0xA7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247ea09747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00247ea09747@002668c15438 0xF5 0x4B 0x38 0xA7 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.i420 iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\Windows\System32\l3codeca.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3codecp
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave4 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi3 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer4 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave3 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer3 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1989398654-3191416751-2019218033-1003@RefCount 12

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,115 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:43 PM

Posted 09 April 2010 - 09:33 AM

Hello again,

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 plesh


Posted 09 April 2010 - 06:11 PM

Hi Elise

It's a "No Brainer" really, when in doubt throw it out!

I have reinstalled the OS,... But it was from the recovery files that were stored in the Recover Partition? Not quite 100% untainted disc.???

Could you let me know what you found, maybe via a PM

Thanks for your help
Plesh




#11 Elise


Posted 10 April 2010 - 02:11 AM

Restoring the system is indeed the safest thing. A recovery partition is usually pretty well protected, and using it to restore your system to factory settings makes sure any infection is gone.

You were infected with the TDL3 rootkit, as shown in GMER
QUOTE
File C:\Windows\system32\drivers\atapi.sys suspicious modification

This is a TDSS family rootkit and infects the mass storage drive controller. It opens a backdoor to communicate and helps protect other malware present on a system.

Please let me know if you have any more questions.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft
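
The check Elise describes above can be automated when triaging GMER logs. The following is an added example, not part of the original thread and not GMER's own code: it flags any driver whose device objects are handled from an address GMER labels "[unknown section]" and notes whether the Files section also reports that driver as modified. The function names are hypothetical, and the sample is a subset of lines copied from the log in this thread.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the GMER log in this thread.
SAMPLE_LOG = r"""
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\atapi \Device\Ide\IdePort0 [828FC9B0] \SystemRoot\system32\drivers\atapi.sys[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xac]}
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
---- Files - GMER 1.0.15 ----
File C:\Windows\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Device line whose handler address is attributed to a driver image but to no known section of it.
DEVICE_RE = re.compile(
    r"^Device\s+(?P<driver>\\Driver\\\S+)\s+(?P<device>\\Device\\\S+)\s+"
    r"\[(?P<addr>[0-9A-Fa-f]{8})\]\s+(?P<image>\S+?)\[unknown section\]")
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+suspicious modification$")


def basename(path):
    """Lower-cased file name of a Windows path (the log mixes \\SystemRoot and C:\\ forms)."""
    return path.rsplit("\\", 1)[-1].lower()


def split_sections(log):
    """Group log lines under the '---- <name> - GMER x.y.z ----' header that precedes them."""
    sections, current = defaultdict(list), None
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
        elif line and current:
            sections[current].append(line)
    return sections


def triage(log):
    """Return one finding per driver that has device objects handled from an unknown section."""
    sections = split_sections(log)
    hooked = defaultdict(list)
    for line in sections.get("Devices", []):
        m = DEVICE_RE.match(line)
        if m:
            hooked[basename(m["image"])].append((m["device"], m["addr"].upper()))
    modified = {basename(m["path"]) for line in sections.get("Files", [])
                if (m := FILE_RE.match(line))}
    return [{"driver": image,
             "devices": [dev for dev, _ in entries],
             "handlers": sorted({addr for _, addr in entries}),
             "file_modified": image in modified}  # same driver also flagged on disk
            for image, entries in hooked.items()]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `file_modified` set is the combination quoted in the post above: the same driver is reported both in the Devices section and in the Files section.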


#12 plesh


Posted 11 April 2010 - 03:05 AM

Hi Elise

All Good. thanks for the info and your assistance.

Plesh

#13 Elise


Posted 11 April 2010 - 06:48 AM

You are welcome :)

This topic will now be closed. If you need it reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft




