Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spotify Windowsrecovery virus/malware


  • Please log in to reply
15 replies to this topic

#1 tiredoftrying

tiredoftrying

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 29 March 2011 - 11:21 AM

Dear Bleeping

I am a new member and not an expert so please explain anything simply!

I have picked up viruses or malware from Spotify free on Thursday / Friday which are proving really difficult to remove.

Firstly my PC was infected, then my laptop before I realised where it was coming from. I have Symantec endpoint protection but it has not picked anything up.

The PC has a persistant Windowsrecovery virus which pops up and hides nearly all the files. I can unhide them, but it hides them again next time I reboot. It has also prevented me from connecting to the internet - not sure how. I have used Rkill to stop the process and tried to clean it with malawarebytes, AVG and Avast which have identified some viruses but it still comes back. Cleaning is made more difficult by no internet connection so i have been transfering files from the laptop on a USB stick.

The laptop still has internet connection, but has had a series of problems from a google link redirect to ther sites and a system shutdown threat. It has also failed to shut down properly and moves very slowly at times. Again I have used Rkill, AVG and Avast which have identified and dealt with some viruses but problems keep coming back.

I realise that I now need some expert help so I have come to you!

I have followed the preparation guide, but the DDS script opens in notebook and does not run. GMER is running though and i will attach the log once i have it, but it may be tomorrow morning now (I am on UK time)

Hope someone can help me. Thanks in advance

BC AdBot (Login to Remove)

 


#2 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:20 AM

gmer log completed. will attach in following posts

#3 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:24 AM

Part 1:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-30 12:22:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST980813AS rev.3.ADC
Running: gmer.exe; Driver: C:\DOCUME~1\mairr\LOCALS~1\Temp\kxryikog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xEC3E59CA]
SSDT 86CF7830 ZwAlertResumeThread
SSDT 86F5EA50 ZwAlertThread
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xEC43AA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xEC405AF5]
SSDT 86ECC358 ZwConnectPort
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xEC3E7EAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xEC3E7F04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xEC3E801A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xEC4054A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xEC3E7E02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xEC3E7F54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xEC3E7E56]
SSDT 86FDE900 ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xEC3E7FC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xEC3E59EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xEC4061BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xEC406471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xEC3E829E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xEC406026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xEC405E91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xEC43AB18]
SSDT 86F5D348 ZwImpersonateAnonymousToken
SSDT 86DDB220 ZwImpersonateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xEC3E57B8]
SSDT 86EA31E0 ZwMapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xEC3E5A12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xEC3E8412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xEC3E64AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xEC3E7EDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xEC3E7F2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xEC3E8044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xEC405805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xEC3E7E2E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA0A06C0]
SSDT 86C6A4F0 ZwOpenProcessToken
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xEC3E7F94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xEC3E7E84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xEC3E81BA]
SSDT 87181108 ZwOpenThreadToken
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xEC3E7FF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xEC43ABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xEC405D0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xEC3E6370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xEC405B5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEC442E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xEC404B1C]
SSDT 86DA07F8 ZwResumeThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xEC3E5A36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xEC3E5A5A]
SSDT 86A40318 ZwSetContextThread
SSDT 86C94AC8 ZwSetInformationProcess
SSDT 86A2B970 ZwSetInformationThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xEC3E5812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xEC3E594E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xEC4062C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xEC3E592A]
SSDT 86ED7670 ZwSuspendProcess
SSDT 86A25108 ZwSuspendThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xEC3E5972]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA0A0770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA0A0810]
SSDT 86A33340 ZwUnmapViewOfSection
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xEC3E5A7E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA0A08B0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEC44F8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2CB8 80504554 8 Bytes JMP 0018CC56
.text ntkrnlpa.exe!ZwCallbackReturn + 2D94 80504630 8 Bytes JMP 3E5A1286
.text ntkrnlpa.exe!ZwCallbackReturn + 2F30 805047CC 12 Bytes [36, 5A, 3E, EC, 5A, 5A, 3E, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [70, 76, ED, 86, 08, 51, A2, ...] {JO 0x78; IN EAX, DX; XCHG [EAX], CL; PUSH ECX; MOV [0x3e597286], AL; IN AL, DX }
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL EC3E6E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP EC44B29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP EC44CD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP EC44F8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? pxscan.sys The system cannot find the file specified. !
INITc VolSnap.sys F764DBD0 4 Bytes [B0, A5, 53, 80]
INITc VolSnap.sys F764DBF8 4 Bytes [B8, A1, 4F, 80]
INITc VolSnap.sys F764DC20 4 Bytes [B6, AE, 4F, 80]
INITc VolSnap.sys F764DC48 4 Bytes [30, FF, 4F, 80]
INITc VolSnap.sys F764DC70 4 Bytes [7A, A8, 4F, 80]
INITc ...
? pxsec.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF56F3360, 0x303CE7, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[236] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[316] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[428] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe[520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030
.text C:\WINDOWS\system32\winlogon.exe[1076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\winlogon.exe[1076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\services.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003201D4
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003200E4
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00320120
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0032015C
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00320198
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00320030
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0032006C
.text C:\WINDOWS\system32\services.exe[1140] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003200A8
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003300E4
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00330120
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003300A8
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00330030
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0033006C
.text C:\WINDOWS\system32\services.exe[1140] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\lsass.exe[1156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\lsass.exe[1156] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\lsass.exe[1156] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[1244] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8

#4 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:25 AM

Part 2

.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\iTunes\iTunesHelper.exe[1332] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1456] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe[1464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00AC6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00AC72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00AC5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00AC737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00AC724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00AC5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00AC6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00AC595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00AC61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00AC65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00AC6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00AC633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00AC6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00AC62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00AC66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00AC6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00AC59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00AC64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00AC6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00AC6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00AC6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00AC7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00AC5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00AC5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00AC718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00AC6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00AC644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00AC69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00AC6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00AC7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00AC6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00AC5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00AC6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00AC5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00AC5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00AC7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00AC7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[1572] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00AC71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E01D4
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E00E4
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0120
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E015C
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0198
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E0030
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F0030
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F006C
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 011D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0056000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!send 71AB4C27 5 Bytes JMP 011B000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0058000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WS2_32.dll!recv 71AB676F 5 Bytes JMP 004D000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 011C000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!HttpOpenRequestA 3D94D508 3 Bytes JMP 0120000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!HttpOpenRequestA + 4 3D94D50C 1 Byte [C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0122000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 0121000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 011F000A
.text C:\Program Files\Internet Explorer\iexplore.exe[1580] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 011E000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\System32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00B76DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00B772BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00B75BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00B7737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00B7724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00B75AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B773E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00B76C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00B7595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00B761DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00B765B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00B76AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00B7633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00B76261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00B762BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B76035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00B766AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00B76A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00B759B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00B764E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00B76EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00B76F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00B76725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00B77202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00B75C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00B75BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00B7718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00B76BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00B7644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00B769D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00B76135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00B77001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00B76D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00B75E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00B76E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00B75F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00B75A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00B77108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00B77236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006001D4
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006000E4
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00600120
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0060015C
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00600198
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00600030
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0060006C
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006000A8
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006100E4
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00610120
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006100A8
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00610030
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0061006C
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1704] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00B771E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe[1916] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll

#5 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:29 AM

Part three


.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!Change

#6 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:32 AM

Part three


.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\SCardSvr.exe[2092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[2180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[2180] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Messenger\msmsgs.exe[2200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\Program Files\Messenger\msmsgs.exe[2200] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2252] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\Program Files\Outlook Express\msimn.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003000E4
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300120
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003000A8
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00300030
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0030006C
.text C:\Program Files\Outlook Express\msimn.exe[2304] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[2348] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] KERNEL32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2364] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\dllhost.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\dllhost.exe[2372] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\dllhost.exe[2372] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2396] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2408] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Symantec AntiVirus\DefWatch.exe[2604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2616] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C

#7 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:33 AM

Part 4


.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007E01D4
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007E00E4
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007E0120
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007E015C
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007E0198
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007E0030
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007E006C
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007E00A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00AC6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00AC72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00AC5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00AC737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00AC724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00AC5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AC73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00AC6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00AC595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00AC61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00AC65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00AC6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00AC633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00AC6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00AC62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AC6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00AC66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00AC6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00AC59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00AC64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00AC6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00AC6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00AC6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00AC7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00AC5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00AC5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00AC718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00AC6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00AC644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00AC69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00AC6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00AC7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00AC6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00AC5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00AC6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00AC5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00AC5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00AC7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00AC7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007D01D4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007D00E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007D0120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007D015C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007D0198
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007D0030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007D006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007D00A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007E00E4
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 007E0120
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007E00A8
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007E0030
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007E006C
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[2800] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00AC71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00C56DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00C572BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00C55BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00C5737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00C5724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00C55AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C573E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00C56C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00C5595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00C561DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00C565B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00C56AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00C5633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00C56261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00C562BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C56035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00C566AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00C56A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00C559B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00C564E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00C56EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00C56F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00C56725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00C57202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00C55C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00C55BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00C5718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00C56BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00C5644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00C569D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00C56135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00C57001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00C56D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00C55E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00C56E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00C55F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00C55A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00C57108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00C57236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007301D4
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007300E4
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00730120
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0073015C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00730198
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00730030
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0073006C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007300A8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 007400E4
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00740120
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 007400A8
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00740030
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0074006C
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3116] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00C571E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3196] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[3320] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\system32\nvsvc32.exe[3336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\system32\nvsvc32.exe[3336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\system32\nvsvc32.exe[3336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\system32\nvsvc32.exe[3336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\system32\nvsvc32.exe[3336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\system32\nvsvc32.exe[3336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[3368] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\System32\alg.exe[3376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\System32\alg.exe[3376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\System32\alg.exe[3376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4
.text C:\WINDOWS\System32\alg.exe[3376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120
.text C:\WINDOWS\System32\alg.exe[3376] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8
.text C:\WINDOWS\System32\alg.exe[3376] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030
.text C:\WINDOWS\System32\alg.exe[3376] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\System32\alg.exe[3376] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\mairr\Desktop\gmer.exe[3416] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\msdtc.exe[3476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\msdtc.exe[3476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\msdtc.exe[3476] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3528] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Symantec AntiVirus\SavRoam.exe[3632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\svchost.exe[3688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll

#8 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:34 AM

Part 5


.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\svchost.exe[3688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\svchost.exe[3688] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 005701D4
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 005700E4
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00570120
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0057015C
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00570198
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00570030
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0057006C
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 005700A8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005800E4
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00580120
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005800A8
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00580030
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0058006C
.text C:\Program Files\Dell\QuickSet\quickset.exe[3740] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C
.text C:\Program Files\Symantec AntiVirus\Rtvscan.exe[3768] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[3912] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[3944] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\system32\dllhost.exe[3968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C
.text C:\WINDOWS\system32\dllhost.exe[3968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\dllhost.exe[3968] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00DA6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00DA72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00DA5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00DA737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00DA724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00DA5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DA73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00DA6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00DA595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00DA61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00DA65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00DA6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00DA633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00DA6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00DA62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DA6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00DA66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00DA6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00DA59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00DA64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00DA6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00DA6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00DA6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00DA7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00DA5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00DA5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00DA718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00DA6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00DA644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00DA69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00DA6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00DA7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00DA6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00DA5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00DA6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00DA5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00DA5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00DA7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00DA7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008301D4
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008300E4
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00830120
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0083015C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00830198
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00830030
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0083006C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008300A8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008400E4
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00840120
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008400A8
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00840030
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0084006C
.text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[4052] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00DA71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[4424] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00BC6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00BC72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00BC5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00BC737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00BC724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00BC5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BC73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00BC6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00BC595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00BC61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00BC65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00BC6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00BC633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00BC6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00BC62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BC6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00BC66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00BC6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00BC59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00BC64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00BC6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00BC6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00BC6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00BC7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00BC5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00BC5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00BC718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00BC6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00BC644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00BC69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00BC6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00BC7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00BC6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00BC5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00BC6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00BC5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00BC5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00BC7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00BC7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006501D4
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006500E4
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00650120
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0065015C
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00650198
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00650030
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0065006C
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006500A8
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006600E4
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00660120
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006600A8
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00660030
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0066006C
.text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[4508] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00BC71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\AVG\AVG10\avgtray.exe[4732] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\PROGRA~1\SYMANT~1\VPTray.exe[5020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll

#9 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:35 AM

Part 6


.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[5092] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\Program Files\Digital Line Detect\DLG.exe[5168] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\Program Files\iPod\bin\iPodService.exe[5388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C
.text C:\Program Files\iPod\bin\iPodService.exe[5388] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\ctfmon.exe[5588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\ctfmon.exe[5588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\ctfmon.exe[5588] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[5740] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E01D4
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E00E4
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0120
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E015C
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0198
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E0030
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F00E4
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0120
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F0030
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0101000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00FD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00FF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0100000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00FC000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 0058000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 00F4000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 00F6000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00F5000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 00F3000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5764] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 0059000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E01D4
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E00E4
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0120
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E015C
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0198
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E0030
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B15 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD16D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB6C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254666 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F00A8
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F0030
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F006C
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E502F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F61 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4FCC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4E32 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E94 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5092 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EF6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBC8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E53B0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 0055000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 0052000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 0051000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0053000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 0054000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WS2_32.dll!recv 71AB676F 5 Bytes JMP 0050000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 5 Bytes JMP 00FB000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!HttpOpenRequestA 3D94D508 5 Bytes JMP 00FE000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 0100000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 00FF000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!HttpOpenRequestW 3D94FBFB 5 Bytes JMP 00FD000A
.text C:\Program Files\Internet Explorer\iexplore.exe[5844] WININET.dll!HttpAddRequestHeadersW 3D94FE49 5 Bytes JMP 00FC000A
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000B0030
.text C:\WINDOWS\system32\ctfmon.exe[5948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000B006C
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E01D4
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E015C
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0198
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\ctfmon.exe[5948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E00A8

#10 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:37 AM

Part 7 and last!

.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002F00A8
.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\ctfmon.exe[5948] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030
.text C:\WINDOWS\explorer.exe[5960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B01D4
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B00E4
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0120
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B015C
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0198
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B0030
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B006C
.text C:\WINDOWS\explorer.exe[5960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B00A8
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C00E4
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0120
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C00A8
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C0030
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C006C
.text C:\WINDOWS\explorer.exe[5960] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\rundll32.exe[5964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\rundll32.exe[5964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\rundll32.exe[5964] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\RunDLL32.exe[5972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\RunDLL32.exe[5972] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030
.text C:\WINDOWS\system32\msiexec.exe[5984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C
.text C:\WINDOWS\system32\msiexec.exe[5984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C
.text C:\WINDOWS\system32\msiexec.exe[5984] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\stsystra.exe[6020] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\WINDOWS\stsystra.exe[6020] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\WINDOWS\stsystra.exe[6020] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4
.text C:\WINDOWS\stsystra.exe[6020] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120
.text C:\WINDOWS\stsystra.exe[6020] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8
.text C:\WINDOWS\stsystra.exe[6020] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030
.text C:\WINDOWS\stsystra.exe[6020] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C
.text C:\WINDOWS\stsystra.exe[6020] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030
.text C:\WINDOWS\system32\ICO.EXE[6048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C
.text C:\WINDOWS\system32\ICO.EXE[6048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C
.text C:\WINDOWS\system32\ICO.EXE[6048] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!NtFlushVirtualMemory 7C90D35E 5 Bytes JMP 00D66DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 00D672BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!NtReadFile 7C90D9CE 5 Bytes JMP 00D65BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!NtUnmapViewOfSection 7C90DF0E 5 Bytes JMP 00D6737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 00D6724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00D65AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D673E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CreateFileMappingW 7C80943C 5 Bytes JMP 00D66C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CloseHandle 7C809BE7 5 Bytes JMP 00D6595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetDriveTypeW 7C80B370 5 Bytes JMP 00D661DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetFileAttributesW 7C80B7EC 5 Bytes JMP 00D665B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!DuplicateHandle 7C80DE9E 7 Bytes JMP 00D66AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!FindFirstFileExW 7C80EB1D 5 Bytes JMP 00D6633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!FindClose 7C80EE77 7 Bytes JMP 00D66261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!FindNextFileW 7C80EFDA 7 Bytes JMP 00D662BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D66035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetFileSizeEx 7C810AA9 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetFileSizeEx 7C810AA9 5 Bytes JMP 00D666AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetFileInformationByHandle 7C810D0D 5 Bytes JMP 00D66A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00D659B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetFileAttributesExW 7C811195 5 Bytes JMP 00D664E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetLongPathNameW 7C8133F3 5 Bytes JMP 00D66EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetShortPathNameW 7C81F26E 5 Bytes JMP 00D66F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00D66725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!SetFilePointerEx 7C821057 5 Bytes JMP 00D67202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00D65C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!ReadFileEx 7C82BD0B 5 Bytes JMP 00D65BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!WriteFileGather 7C82DDB5 7 Bytes JMP 00D6718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!ReadFileScatter 7C82DE61 7 Bytes JMP 00D66BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!SetFileAttributesW 7C8314DD 5 Bytes JMP 00D6644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetOverlappedResult 7C8315CC 1 Byte [E9]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetOverlappedResult 7C8315CC 5 Bytes JMP 00D669D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00D66135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!SetEndOfFile 7C832076 5 Bytes JMP 00D67001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!FlushViewOfFile 7C8359A1 5 Bytes JMP 00D66D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!RemoveDirectoryW 7C836F8B 5 Bytes JMP 00D65E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!BackupRead 7C85725A 5 Bytes JMP 00D66E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CreateDirectoryExW 7C85B5CA 5 Bytes JMP 00D65F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!WriteFileEx 7C85D6D9 5 Bytes JMP 00D65A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!GetCompressedFileSizeW 7C85E349 5 Bytes JMP 00D67108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] kernel32.dll!CreateHardLinkW 7C86C5AC 7 Bytes JMP 00D67236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 007F01D4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 007F00E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 007F0120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 007F015C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 007F0198
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007F0030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007F006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 007F00A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008000E4
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00800120
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008000A8
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00800030
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0080006C
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[6084] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00D671E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00080030
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0008006C
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F01D4
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F00E4
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0120
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F015C
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0198
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F0030
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F006C
.text C:\WINDOWS\system32\Pmxmiced.exe[6092] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F00A8

---- Devices - GMER 1.0.15 ----

Device aswSP.SYS (avast! self protection module/AVAST Software)
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:144] 8712FE84
Thread System [4:148] 87132084

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA3301004F7706010000000020\Usage@PDFMakerForIE 1048453237

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\mairr\Local Settings\Temporary Internet Files\Content.IE5\1TJN1ZWS\fl[1].js 6707 bytes
File C:\Documents and Settings\mairr\Local Settings\Temporary Internet Files\Content.IE5\1TJN1ZWS\433605[2].htm 0 bytes
File C:\Documents and Settings\mairr\Local Settings\Temporary Internet Files\Content.IE5\TKLVHDVA\72236a43159a961c[4].js 17029 bytes
File C:\Documents and Settings\mairr\Local Settings\Temporary Internet Files\Content.IE5\Z58SURGL\tickerCA7S8QJK.sjson 0 bytes

---- EOF - GMER 1.0.15 ----

#11 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 30 March 2011 - 08:47 AM

Ok I have now also got a DDS log to work:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by mairr at 14:44:42.79 on 30/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.172 [GMT 1:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\Pmxmiced.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\AVG\AVG10\avgchsvx.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mairr\Local Settings\Temporary Internet Files\Content.IE5\OD8O1UD6\dds[1].pif
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bbc.co.uk/news/
uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk&ibd=2071129
uSearch Bar =
uInternet Settings,ProxyOverride = *.local
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60475
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [PMX Daemon] ICO.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-100000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\biolsp.dll
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys --> c:\windows\system32\drivers\pxscan.sys [?]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-3-28 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-28 301528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-28 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-3-28 42184]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-2 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-30 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110327.001\naveng.sys [2011-3-28 86008]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110327.001\navex15.sys [2011-3-28 1360760]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [2007-12-4 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [2007-12-4 14336]
.
=============== File Associations ===============
.
.scr=AutoCADLTScriptFile
.
=============== Created Last 30 ================
.
2011-03-30 10:56:53 339968 --sha-w- c:\docume~1\mairr\locals~1\applic~1\juk.exe
2011-03-29 13:07:30 -------- d-----w- c:\docume~1\mairr\applic~1\AVG
2011-03-28 09:59:35 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 09:56:57 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 09:56:11 -------- d-----w- c:\program files\AVAST Software
2011-03-28 09:56:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVAST Software
2011-03-25 13:55:47 -------- d-----w- C:\$AVG
2011-03-25 13:35:07 -------- d-----w- c:\docume~1\mairr\applic~1\AVG10
2011-03-25 13:33:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-25 13:31:08 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-25 13:31:08 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-25 13:30:37 -------- d-----w- c:\program files\AVG
2011-03-25 13:09:16 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-25 10:15:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2011-03-24 08:49:04 -------- d-----w- c:\windows\system32\vmm32
2011-03-09 21:06:09 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:46:21.61 ===============


I will be really grateful if someone has the skills to help me with this.

Attached Files



#12 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:19 PM

Posted 04 April 2011 - 08:46 PM

Hello tiredoftrying, and welcome.

While the 2 AV's have proven helpful to you, it is never a good idea to have more than 1 AV installed and running at a given time. It will contribute to system slow downs as well as other Operating System issues.

Before we begin, you'll have to unhide your files and folders again and uninstall AVG. See if you can access the Control Panel>Add or Remove programs. If you cannot, please download and run the AVG uninstaller from here. Run it from the flash drive if necessary.

After you have completed the above, Download ComboFix from one of these locations:

Link 1
Link 2


Save it to your flash drive and run it from there.


====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications

====================================================


Double click on ComboFix.exe & follow the prompts.


  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#13 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 07 April 2011 - 05:29 AM

Hello Ried

Thanks for your reply

I have disabled Avast realtime and uninstalled AVG and Symantec Antivirus.

I could only get combofix to run in safemode. Combofix restarted the computer and I let it start normally. Avast tried to prtect me from Combofix several times and I told it to allow the program to run normally - hope that is all OK.

Log attached

Attached File  log.txt   13.28KB   0 downloads

ComboFix 11-04-06.03 - mairr 07/04/2011 11:11:46.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.774 [GMT 1:00]
Running from: E:\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\mairr\Desktop\Improve Your PC.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 08:58 . 2011-04-07 08:58 -------- d-----w- c:\documents and settings\administrator.JROBERTS\Local Settings\Application Data\Symantec
2011-04-07 08:58 . 2011-04-07 08:58 -------- d-----w- c:\documents and settings\administrator.JROBERTS\Local Settings\Application Data\Apple Computer
2011-04-07 08:57 . 2011-04-07 08:57 -------- d-sh--w- c:\documents and settings\administrator.JROBERTS\PrivacIE
2011-04-07 08:56 . 2011-04-07 08:56 -------- d-sh--w- c:\documents and settings\administrator.JROBERTS\IETldCache
2011-04-01 09:44 . 2011-04-01 09:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\AVG10
2011-03-31 15:38 . 2011-03-31 15:38 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-29 13:07 . 2011-04-01 08:42 -------- d-----w- c:\documents and settings\mairr\Application Data\AVG
2011-03-28 09:59 . 2011-02-23 13:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-28 09:59 . 2011-02-23 13:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-28 09:59 . 2011-02-23 13:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-28 09:59 . 2011-02-23 13:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-28 09:59 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-28 09:59 . 2011-02-23 13:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-28 09:59 . 2011-02-23 13:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-28 09:59 . 2011-02-23 13:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-28 09:56 . 2011-02-23 14:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-28 09:56 . 2011-02-23 14:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-28 09:56 . 2011-03-28 09:56 -------- d-----w- c:\program files\AVAST Software
2011-03-28 09:56 . 2011-03-28 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-03-25 16:25 . 2011-03-25 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2011-03-25 13:33 . 2011-03-25 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files
2011-03-25 13:31 . 2011-04-05 12:09 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-03-25 13:30 . 2011-03-29 13:03 -------- d-----w- c:\program files\AVG
2011-03-25 13:09 . 2011-03-25 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-03-25 10:15 . 2011-03-25 10:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2
2011-03-24 08:49 . 2011-03-24 08:49 -------- d-----w- c:\windows\system32\vmm32
2011-03-09 21:06 . 2009-07-27 23:17 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-09 13:53 . 2004-08-11 17:00 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-11 17:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2004-08-11 17:11 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-11 17:11 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-11 17:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-11 17:00 290048 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-24 851968]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-06 8466432]
"nwiz"="nwiz.exe" [2007-08-06 1626112]
"NVHotkey"="nvHotkey.dll" [2007-08-06 67584]
"NvMediaCenter"="NvMCTray.dll" [2007-08-06 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2007-07-16 405504]
"PMX Daemon"="ICO.EXE" [2006-11-08 49152]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-03 1228800]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-01-22 212992]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-11-29 1838592]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-24 17920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-02-17 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-02-23 3451496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-100000000002}\SC_Acrobat.exe [2007-12-4 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-11-29 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-329163752-3743530287-1406116861-1109\Scripts\Logon\0\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [28/03/2011 10:59 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [28/03/2011 10:59 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [28/03/2011 10:59 19544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [02/01/2009 19:23 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [11/08/2004 18:00 5120]
R3 pmxmouse;PMXMOUSE;c:\windows\system32\drivers\pmxmouse.sys [04/12/2007 09:48 18432]
R3 pmxusblf;PMXUSBLF;c:\windows\system32\drivers\pmxusblf.sys [04/12/2007 09:48 14336]
.
Contents of the 'Scheduled Tasks' folder
.
2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
2011-04-07 c:\windows\Tasks\User_Feed_Synchronization-{36823FAE-C5B4-4C4C-9409-64F547499A95}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/news/
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\biolsp.dll
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
FF - ProfilePath - c:\documents and settings\mairr\Application Data\Mozilla\Firefox\Profiles\s6v39njt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Document Manager - c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
HKLM-Run-PDVDDXSrv - c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-07 11:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(860)
c:\windows\system32\biolsp.dll
c:\program files\Bonjour\mdnsNSP.dll
.
- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pmxscrll.dll
c:\windows\system32\PMXCOMM.dll
c:\windows\system32\PMXHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\stsystra.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pmxmiced.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-04-07 11:27:36 - machine was rebooted
ComboFix-quarantined-files.txt 2011-04-07 10:27
.
Pre-Run: 50,836,914,176 bytes free
Post-Run: 50,065,080,320 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - B742072D8DC441C298049F0C4430A476

#14 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:19 PM

Posted 07 April 2011 - 07:42 AM

How is the machine behaving now? Can you see your files and folders?

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#15 tiredoftrying

tiredoftrying
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:07:19 PM

Posted 07 April 2011 - 08:45 AM

The computer starts fine and lets me view / open files & folders etc. I have not had the windowsrecovery problem for a while but I still have a google redirect problem and the Internet Explorer History shows about 30 dodgy looking addresses for today although I only opened it briefly to check if the google problem was still there




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users