Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Clients Server Runtime Process csrss.exe Possible Infection


  • Please log in to reply
8 replies to this topic

#1 CompTechAa

CompTechAa

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 13 July 2010 - 07:22 PM

Hi all,

Upon searchng the startup list on this website I found the following entry.

Clients Server Runtime Process csrss.exe X Added by the W32/Sdbot-CPF worm and IRC backdoor.

The process is running on my Vista machine. I ran Malwarebytes and Superantispyware but the process continues to run. Does this mean that the computer is infected? And if so, how do I clean it out? Besides this process there are about 90 others running at the same time. Thanks for the time.

Posted Image
Posted Image
Posted Image

BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:51 PM

Posted 13 July 2010 - 10:35 PM

If you still have those logs from Malwarebytes Anti-Malware can you post them?

If not then perform the following scans with updated databases of each of the following and run full scans:

Download the following:

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.


Make sure you run full scans of MBAM and SAS, and make sure they are updated. It seems to me like you are getting false positives, but to be sure Id like to see the scans.

#3 CompTechAa

CompTechAa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 14 July 2010 - 09:54 AM

Thank you for a very complete set of instructions. I think I may still have the logs for MBAM and SAS; I'm at work at the moment but will try and post the logs sometime today. Thanks for the help.

#4 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:51 PM

Posted 14 July 2010 - 12:46 PM

Just post them when you can, and rerun the scans if you can as well.

#5 CompTechAa

CompTechAa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 14 July 2010 - 08:00 PM

Hi there,

Here are the logs for Malwarebytes and Superantispyware; they are both recent in-depth/full scans. I will go ahead and scan with GMER and post that later today. Thanks!



====================================================================================================Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4298

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/9/2010 10:18:48 PM
mbam-log-2010-07-09 (22-18-48).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 269231
Time elapsed: 2 hour(s), 4 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antispywaremaster (Rogue.AntiSpywareSolution) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AntiSpywareMaster\asm.exe (Rogue.AntiSpywareSolution) -> Quarantined and deleted successfully.
C:\Users\Cristina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZIWZ7AL\MoveMediaPlayer_07103010[1].exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Cristina\Downloads\AVbinrun_2024-3_b8.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
====================================================================================================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/09/2010 at 11:41 PM

Application Version : 4.40.1002

Core Rules Database Version : 5180
Trace Rules Database Version: 2992

Scan type : Complete Scan
Total Scan Time : 01:12:05

Memory items scanned : 1032
Memory threats detected : 0
Registry items scanned : 8762
Registry threats detected : 0
File items scanned : 36517
File threats detected : 314

Adware.Tracking Cookie
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@track.webbranddeals[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@free.version.antispywaremaster[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@www.coolsavings[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@msnportal.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@bs.serving-sys[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@serving-sys[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@pointroll[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@advertising[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@mediaplex[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@doubleclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@zedo[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@insightexpressai[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@ykeeper.antispywaremaster[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@ads.pointroll[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@atdmt[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\cristina@microsoftwlmessengermkt.112.2o7[1].txt
C:\Users\Cristina\AppData\Local\Temp\Low\Cookies\cristina@ad.wsod[2].txt
C:\Users\Cristina\AppData\Local\Temp\Low\Cookies\cristina@atdmt[1].txt
C:\Users\Cristina\AppData\Local\Temp\Low\Cookies\cristina@doubleclick[2].txt
C:\Users\Cristina\AppData\Local\Temp\Low\Cookies\cristina@msnportal.112.2o7[1].txt
a.ads1.msn.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
a.ads2.msads.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
ads1.msn.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
ads2.msads.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
adsatt.espn.go.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
b.ads2.msads.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
bannerfarm.ace.advertising.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
cdn4.specificclick.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
convoad.technoratimedia.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
crackle.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
espn360.channelfinder.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
ia.media-imdb.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
interclick.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
m1.2mdn.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media.basspro.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media.scanscout.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media.tattomedia.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media.usermade.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media01.kyte.tv [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
media1.break.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
msnbcmedia.msn.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
msntest.serving-sys.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
objects.tremormedia.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
oddcast.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
s0.2mdn.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
secure-us.imrworldwide.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
serving-sys.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
udn.specificclick.net [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
www.pornhub.com [ C:\Users\Cristina\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\PWEETF6N ]
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ad.wsod[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.worldlingomedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@v7.stats.load[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@media6degrees[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@aotracker[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.socialreach[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@mediaplex[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ge.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.coolsavings[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@serving-sys[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.burstnet[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@triseptsolutions.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@eyewonder[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@media.photobucket[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@livenation.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@checkpointsoftwaretechnologies.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@track.bestbuy[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@rotator.adjuggler[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.telegraph.co[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ar.atwola[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ar.atwola[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bluestreak[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@account.mycricket[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bgtpartners.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@myaccount.verizonwireless[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ru4[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@paypal.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@zanox[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bassproshops.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@edgeadx[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.clickmanage[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.3dstats[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[6].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@tradedoubler[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@walmartcom.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@terra.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@coolsavings[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[3].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[7].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@nextag[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@walmart.112.2o7[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@advanceinternet.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@sales.liveperson[5].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@banners1.sninews[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@tacoda[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@intermundomedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@liveperson[5].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@trackalyzer[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@liveperson[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adbureau[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@hitbox[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@legolas-media[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.oatracking[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@revsci[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@edge.ru4[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@liveperson[3].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@realmedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@pornpassforall[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bravenet[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@liveperson[4].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@99counters[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bs.serving-sys[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@insightexpressai[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@advertising[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@imrworldwide[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@network.realmedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@kontera[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@microsoftwindows.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adlegend[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@fastclick[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.lasvegas[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.undertone[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bookit.advertserve[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@xm.xtendmedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@leapfrogonline.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@247realmedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.homeandabroad[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.ad4game[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.toseeka[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@yieldmanager[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.hotadver[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@pornhub[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@at.atwola[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@e-2dj6wjlocidzieo.stats.esomniture[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@content.yieldmanager[3].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@trvlnet.adbureau[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.bridgetrack[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@overture[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@doubleclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@pro-market[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@clickbank[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@track.mtrgsrv[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@lfstmedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-mh.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@revenue[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@microsoftwlsearchcrm.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@content.yieldmanager[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@yieldmanager[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@mercurypartsexpress[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.gamersmedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@a1.interclick[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ad2.doublepimp[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@e-2dj6wjkownazglo.stats.esomniture[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@publicidad[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ad.yieldmanager[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@socialmedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.googleadservices[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@twctsg.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-verizon.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@trafficmp[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.googleadservices[4].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@specificclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.burstbeacon[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@statcounter[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@server.cpmstar[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-findlaw.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@media.adfrontiers[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@xml.trafficengine[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.mycricket[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@questionmarket[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@dynamic.media.adrevolver[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adecn[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.directnetadvertising[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@kanoodle[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@atdmt[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@weborama[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@oasn04.247realmedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@azjmp[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@microsoftwlcashback.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@pointroll[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@anheuserbusch.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@crackle[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@fhg.pornpassforall[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adopt.specificclick[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@microsoftconsumermarketing.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@euroclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.gmbtrack[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@traveladvertising[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@chitika[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@burstnet[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@zedo[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adxpose[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@burstbeacon[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ad.turn[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@cdn4.specificclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adbrite[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adrevolver[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@c1.e94stats[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.as4x.tmcs.ticketmaster[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@marketlive.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@citi.bridgetrack[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads2.weblogssl[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@movieticketscom.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.cnn[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@enhance[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.trackericp[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@basstrackerboats[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-reddoorinteractive.hitbox[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@msnbc.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@zillow.adbureau[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@msnaccountservices.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@dailyheraldpaddockpublication.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adtech[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ad.xplusone[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@invitemedia[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@media.adrevolver[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@eas.apm.emediate[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@public.findlaw[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@criminal.findlaw[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@apmebf[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@trinitymirror.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.esmas[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@statse.webtrendslive[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@lucidmedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@linksynergy[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@eb.adbureau[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@tripod[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-dig.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@search.123findjobs[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adinterax[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@viacom.adbureau[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@dc.tremormedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@publicidadinternet.lavozdegalicia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@videoegg.adbureau[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@track.webbranddeals[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.pointroll[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@atwola[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@counter.hitslink[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@smartadserver[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@beacon.dmsinsights[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.us.e-planning[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adopt.euroclick[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@casalemedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@interclick[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@toseeka[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@dmtracker[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-futurepub.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@iacas.adbureau[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@c5.zedo[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@collective-media[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@cgm.adbureau[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@tracking.admarketplace[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@server.iad.liveperson[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bizrate[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.associatedcontent[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-theactivenetwork.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.mediageeks[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.xapads[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@s.clickability[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@richmedia.yahoo[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.socialtrack[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@cms.trafficmp[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@restoredchurchofgod.112.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@bannertgt[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.pornhub[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@server.iad.liveperson[5].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@server.iad.liveperson[4].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@usatourist.advertserve[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@specificmedia[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@data.coremetrics[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@adserver.adtechus[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@findlaw[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.bcserving[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.belointeractive[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ads.lagranred[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@www.ecoretrack[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@tribalfusion[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@roiservice[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@e-2dj6wmmikidjeeo.stats.esomniture[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-yamahamotors.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@red7media[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-groupernetworks.hitbox[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@elephantgroup.122.2o7[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@ehg-hollywoodmedia.hitbox[2].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@perf.overture[1].txt
C:\Users\Cristina\AppData\Roaming\Microsoft\Windows\Cookies\Low\cristina@msnportal.112.2o7[1].txt

Adware.Flash Tracking Cookie
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\BANNERFARM.ACE.ADVERTISING.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MSNTEST.SERVING-SYS.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\SERVING-SYS.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\ESPN360.CHANNELFINDER.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\CONVOAD.TECHNORATIMEDIA.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\IA.MEDIA-IMDB.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MEDIA.SCANSCOUT.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MEDIA.TATTOMEDIA.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MEDIA.USERMADE.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MEDIA1.BREAK.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\MSNBCMEDIA.MSN.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\OBJECTS.TREMORMEDIA.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\INTERCLICK.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\UDN.SPECIFICCLICK.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\CRACKLE.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\A.ADS1.MSN.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\ADS1.MSN.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\A.ADS2.MSADS.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\ADS2.MSADS.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\B.ADS2.MSADS.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\M1.2MDN.NET
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\SECURE-US.IMRWORLDWIDE.COM
C:\Users\Cristina\AppData\Roaming\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\PWEETF6N\ODDCAST.COM

Trojan.Agent/Gen-FakeAlert
C:\USERS\CRISTINA\APPDATA\LOCAL\TEMP\LOW\0.18406341294616668.EXE
====================================================================================================

#6 CompTechAa

CompTechAa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 14 July 2010 - 09:01 PM

GMER log Part 1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-14 20:48:05
Windows 6.0.6002 Service Pack 2
Running: c4ue7hbg.exe; Driver: C:\Users\Cristina\AppData\Local\Temp\fxddrkoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwClose [0x8BD9A160]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateFile [0x8BD99868]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateKey [0x8BD96320]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcess [0x8BD98E90]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateProcessEx [0x8BD98D9C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThread [0x8BD993FC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteFile [0x8BD9A210]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteKey [0x8BD96786]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwDeleteValueKey [0x8BD96846]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwLoadDriver [0x8C52B01C]
SSDT \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.) ZwMapViewOfSection [0x8C52B168]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenFile [0x8BD99B54]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwOpenKey [0x8BD965CA]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwResumeThread [0x8BD994EC]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetInformationFile [0x8BD99E8C]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwSetValueKey [0x8BD969BC]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8C542620]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwWriteFile [0x8BD99DE0]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateThreadEx [0x8BD9948E]
SSDT \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.) ZwCreateUserProcess [0x8BD98F82]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8C5D29C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1A9 822BF90C 4 Bytes [60, A1, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1D9 822BF93C 4 Bytes [68, 98, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 1E9 822BF94C 4 Bytes [20, 63, D9, 8B]
.text ntkrnlpa.exe!KeSetEvent + 209 822BF96C 8 Bytes [90, 8E, D9, 8B, 9C, 8D, D9, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 822BF984 4 Bytes [FC, 93, D9, 8B]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 823EA28F 5 Bytes JMP 8C5CE5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 82443038 5 Bytes JMP 8C5CFF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 824448C3 7 Bytes JMP 8C5D29C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[568] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00110720
.text C:\Windows\system32\csrss.exe[568] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001107AC
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001102C0
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00110234
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00110694
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00110090
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001103D8
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0011034C
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001101A8
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0011011C
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00110004
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0011057C
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001104F0
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00110464
.text C:\Windows\system32\csrss.exe[568] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00110608
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000702C0
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00070234
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00070694
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00070090
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000703D8
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0007034C
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000701A8
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0007011C
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00070004
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0007057C
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000704F0
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00070464
.text C:\Windows\system32\wininit.exe[620] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00070608
.text C:\Windows\system32\wininit.exe[620] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00070720
.text C:\Windows\system32\wininit.exe[620] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000707AC
.text C:\Windows\system32\csrss.exe[628] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00110720
.text C:\Windows\system32\csrss.exe[628] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001107AC
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001102C0
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00110234
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00110694
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00110090
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001103D8
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0011034C
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001101A8
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0011011C
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00110004
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0011057C
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001104F0
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00110464
.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00110608
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\services.exe[668] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\services.exe[668] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\services.exe[668] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\services.exe[668] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\services.exe[668] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\services.exe[668] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\services.exe[668] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\lsass.exe[700] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\winlogon.exe[708] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\lsm.exe[716] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\lsm.exe[716] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\lsm.exe[716] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\System32\spoolsv.exe[756] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\System32\spoolsv.exe[756] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\System32\spoolsv.exe[756] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Bonjour\mDNSResponder.exe[788] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[892] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[892] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[892] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[896] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[996] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[996] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[996] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[996] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\System32\svchost.exe[1040] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\System32\svchost.exe[1040] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\System32\svchost.exe[1040] wininet.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[1128] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\Ati2evxx.exe[1136] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\Ati2evxx.exe[1136] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\Ati2evxx.exe[1136] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[1148] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\System32\svchost.exe[1160] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Dell\MediaDirect\PCMService.exe[1196] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\System32\svchost.exe[1240] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\svchost.exe[1240] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\System32\svchost.exe[1240] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\System32\svchost.exe[1240] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[1272] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[1272] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[1272] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\AUDIODG.EXE[1344] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\AUDIODG.EXE[1344] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\AUDIODG.EXE[1344] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\AUDIODG.EXE[1344] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\AUDIODG.EXE[1344] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\AUDIODG.EXE[1344] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[1372] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[1372] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[1372] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\System32\WLTRAY.EXE[1444] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\System32\WLTRAY.EXE[1444] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\System32\WLTRAY.EXE[1444] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\System32\WLTRAY.EXE[1444] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Windows\System32\WLTRAY.EXE[1444] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Windows\System32\WLTRAY.EXE[1444] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[1472] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[1472] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[1472] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\system32\svchost.exe[1472] WinInet.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1568] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\Ati2evxx.exe[1576] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\Ati2evxx.exe[1576] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\Ati2evxx.exe[1576] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000702C0
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00070234
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00070694
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00070090
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000703D8
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0007034C
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000701A8
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0007011C
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00070004
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0007057C
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000704F0
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00070464
.text C:\Windows\system32\svchost.exe[1664] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00070608
.text C:\Windows\system32\svchost.exe[1664] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00070720
.text C:\Windows\system32\svchost.exe[1664] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000707AC
.text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000708C4
.text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00070950
.text C:\Windows\system32\svchost.exe[1664] WS2_32.dll!bind 774D652F 5 Bytes JMP 00070838
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\System32\WLTRYSVC.EXE[1848] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\System32\WLTRYSVC.EXE[1848] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\System32\WLTRYSVC.EXE[1848] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\aestsrv.exe[1860] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\System32\bcmwltry.exe[1872] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\System32\bcmwltry.exe[1872] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\System32\bcmwltry.exe[1872] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\System32\bcmwltry.exe[1872] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Windows\System32\bcmwltry.exe[1872] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Windows\System32\bcmwltry.exe[1872] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1880] wininet.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[2004] WININET.DLL!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8

#7 CompTechAa

CompTechAa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 14 July 2010 - 09:03 PM

GAMER log Part 2


.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\dlcxcoms.exe[2056] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\dlcxcoms.exe[2056] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\dlcxcoms.exe[2056] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\dldtcoms.exe[2136] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\dldtcoms.exe[2136] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\dldtcoms.exe[2136] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\dldtcoms.exe[2136] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Windows\system32\dldtcoms.exe[2136] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Windows\system32\dldtcoms.exe[2136] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[2320] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[2320] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[2320] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[2320] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[2320] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[2320] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\WindowsMobile\wmdc.exe[2348] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\WindowsMobile\wmdc.exe[2348] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\WindowsMobile\wmdc.exe[2348] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\WindowsMobile\wmdc.exe[2348] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2368] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2528] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2552] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[2604] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Dell Support Center\bin\sprtsvc.exe[2616] WININET.DLL!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\STacSV.exe[2640] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\STacSV.exe[2640] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\STacSV.exe[2640] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[2708] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[2708] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[2708] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\System32\svchost.exe[2740] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\SearchIndexer.exe[2792] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\SearchIndexer.exe[2792] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\SearchIndexer.exe[2792] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\SearchIndexer.exe[2792] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\SearchIndexer.exe[2792] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\system32\DRIVERS\xaudio.exe[2848] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Dell Photo AIO Printer 926\memcard.exe[3120] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe[3180] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\taskeng.exe[3640] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\taskeng.exe[3640] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\taskeng.exe[3640] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\system32\taskeng.exe[3640] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\taskeng.exe[3900] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\taskeng.exe[3900] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\taskeng.exe[3900] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\system32\taskeng.exe[3900] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\Dwm.exe[3920] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\Dwm.exe[3920] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Windows\OEM02Mon.exe[3976] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Windows\OEM02Mon.exe[3976] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Windows\OEM02Mon.exe[3976] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\Explorer.EXE[3996] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\Explorer.EXE[3996] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\Explorer.EXE[3996] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\Explorer.EXE[3996] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4020] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[4160] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe[4220] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\DellSupport\DSAgnt.exe[4264] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\ehome\ehtray.exe[4288] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\ehome\ehtray.exe[4288] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\ehome\ehtray.exe[4288] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[4320] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WS2_32.dll!socket 774D36D1 5 Bytes JMP 001308C4
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00130950
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WS2_32.dll!bind 774D652F 5 Bytes JMP 00130838
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00130F54
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00130FE0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00130D24
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00130DB0
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00130E3C
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4352] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00130EC8
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[4424] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[4424] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[4424] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[4424] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[4424] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[4424] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\Dell V305\dldtMsdMon.exe[4664] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\system32\svchost.exe[4780] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\system32\svchost.exe[4780] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\system32\svchost.exe[4780] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Windows\system32\svchost.exe[4780] WS2_32.dll!socket 774D36D1 5 Bytes JMP 000308C4
.text C:\Windows\system32\svchost.exe[4780] WS2_32.dll!connect 774D40D9 5 Bytes JMP 00030950
.text C:\Windows\system32\svchost.exe[4780] WS2_32.dll!bind 774D652F 5 Bytes JMP 00030838
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetConnectA 76EEDEAE 5 Bytes JMP 00030F54
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetConnectW 76EEF862 5 Bytes JMP 00030FE0
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetOpenA 76EFD690 5 Bytes JMP 00030D24
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetOpenW 76EFDB09 5 Bytes JMP 00030DB0
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetOpenUrlA 76EFF3A4 5 Bytes JMP 00030E3C
.text C:\Windows\system32\svchost.exe[4780] WININET.dll!InternetOpenUrlW 76F46DDF 5 Bytes JMP 00030EC8
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Windows\ehome\ehmsas.exe[4844] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Windows\ehome\ehmsas.exe[4844] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Windows\ehome\ehmsas.exe[4844] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateProcessW 76291BF3 5 Bytes JMP 000302C0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateProcessA 76291C28 5 Bytes JMP 00030234
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00030694
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00030090
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 000303D8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0003034C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 000301A8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0003011C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00030004
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateThread 762DC90E 5 Bytes JMP 0003057C
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 000304F0
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!WinExec 76325CF7 5 Bytes JMP 00030464
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] KERNEL32.dll!SetThreadContext 7632794A 5 Bytes JMP 00030608
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00030720
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4984] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 000307AC
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateProcessW 76291BF3 5 Bytes JMP 001302C0
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateProcessA 76291C28 5 Bytes JMP 00130234
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!WriteProcessMemory 76291CB8 5 Bytes JMP 00130694
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!VirtualProtect 76291DC3 5 Bytes JMP 00130090
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateProcessInternalW 762B53DF 5 Bytes JMP 001303D8
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateProcessInternalA 762B8B8D 5 Bytes JMP 0013034C
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!VirtualProtectEx 762BDBDA 5 Bytes JMP 001301A8
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!VirtualAllocEx 762DACFC 5 Bytes JMP 0013011C
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!VirtualAlloc 762DAD55 5 Bytes JMP 00130004
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateThread 762DC90E 5 Bytes JMP 0013057C
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!CreateRemoteThread 762DC935 5 Bytes JMP 001304F0
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!WinExec 76325CF7 5 Bytes JMP 00130464
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] kernel32.dll!SetThreadContext 7632794A 5 Bytes JMP 00130608
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] USER32.dll!SetWindowsHookExA 77436322 5 Bytes JMP 00130720
.text C:\Users\Cristina\Desktop\c4ue7hbg.exe[6060] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 001307AC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00360002
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00360000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\RawIp SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#8 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:11:51 PM

Posted 15 July 2010 - 04:50 AM

How is the computer running now?

#9 CompTechAa

CompTechAa
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:51 PM

Posted 15 July 2010 - 05:54 PM

The computer seems to be running well; the only thing I was curious about was all the processes that were running, but then again, there are many programs that initiate at startup so I guess that could be normal. There are 90 + processes running. After I ran Malwarebytes and SAS I had installed Vista SP2 + a few other updates and the computer began giving me a BSOD but I did a ChkDsk and seems to have fixed that.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users