Windows XP Repair Partially Removed and Tdsskiller won't open


  • This topic is locked
9 replies to this topic

#1 thefigtree

thefigtree

  • Members
  • 19 posts
  • Local time:08:19 PM

Posted 27 June 2011 - 04:10 AM

About a week ago my computer was infected with Windows XP Repair. I tried following several cleanups from the internet. I've downloaded and used rkill, SUPERAntiSpyware, Spyware Doctor and Malwarebytes' Anti-Malware. Still, I am unable to open tdsskiller. Plus, many of my programs in the start menu are hidden. Overall, my computer is running very slowly.

When I shut down my computer, for a couple of seconds something called Sysfader is running. Is this malicious? The same thing happens with something called app.bl87yEIQuTv3qlk4y24YZQ.6

Also I get a bunch of alerts saying that windows couldn't locate something. The last one said it couldn't locate grpconv. What's that?

Last, I have gotten some unresponsive scripts. One called c:/ program%20files/fox/components/nsblocklistservice.j:543


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/26/2011 at 05:33 AM

Application Version : 4.54.1000

Core Rules Database Version : 7328
Trace Rules Database Version: 5133

Scan type : Complete Scan
Total Scan Time : 06:32:55

Memory items scanned : 523
Memory threats detected : 0
Registry items scanned : 6125
Registry threats detected : 0
File items scanned : 69526
File threats detected : 21

Adware.Tracking Cookie
C:\Documents and Settings\Jordan\Cookies\jordan@doubleclick[2].txt
C:\Documents and Settings\Jordan\Cookies\jordan@search.clicksfind[1].txt
C:\Documents and Settings\Jordan\Cookies\jordan@pointroll[2].txt
C:\Documents and Settings\Jordan\Cookies\jordan@atdmt[1].txt
C:\Documents and Settings\Jordan\Cookies\jordan@dc.tremormedia[1].txt
C:\Documents and Settings\Jordan\Cookies\jordan@invitemedia[2].txt
C:\Documents and Settings\Jordan\Cookies\jordan@mediabrandsww[1].txt
C:\Documents and Settings\Jordan\Cookies\jordan@media6degrees[1].txt
C:\Documents and Settings\Jordan\Cookies\jordan@search.clickwhale[1].txt

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX24\NIRD\IEXPLORE.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX28\NIRD\IEXPLORE.EXE
C:\WINDOWS\TEMP\RARSFX0\NIRD\IEXPLORE.EXE

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX24\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX25\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX26\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX27\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX28\PROCS\EXPLORER.EXE
C:\WINDOWS\TEMP\RARSFX0\PROCS\EXPLORER.EXE
C:\WINDOWS\TEMP\RARSFX1\PROCS\EXPLORER.EXE
C:\WINDOWS\TEMP\RARSFX2\PROCS\EXPLORER.EXE
C:\WINDOWS\Prefetch\EXPLORER.EXE-21A9BEB7.pf


I'd give you the other logs but my computer is being really slow.

Please let me know what my next step should be.
Thanks!

Edited by Budapest, 27 June 2011 - 04:57 PM.
Moved from Virus, Trojan, Spyware, and Malware Removal Logs ~Budapest




#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:01:19 AM

Posted 30 June 2011 - 08:15 AM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#3 thefigtree

thefigtree
  • Topic Starter

  • Members
  • 19 posts
  • Local time:08:19 PM

Posted 01 July 2011 - 11:02 AM

I did a full scan as you said but there were no infections. Here is an earlier scan that did have infections.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/16/2011 10:36:26 PM
mbam-log-2011-06-16 (22-36-26).txt

Scan type: Quick scan
Objects scanned: 175351
Time elapsed: 22 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\documents and settings\all users\application data\16310052.exe (Trojan.Agent) -> 1328 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\regincd2.exe (Spyware.OnLineGames) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\16310052.exe (Trojan.Agent) -> Quarantined and deleted successfully.



SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/01/2011 at 04:13 AM

Application Version : 4.54.1000

Core Rules Database Version : 7328
Trace Rules Database Version: 5133

Scan type : Complete Scan
Total Scan Time : 03:33:36

Memory items scanned : 210
Memory threats detected : 0
Registry items scanned : 6118
Registry threats detected : 0
File items scanned : 74056
File threats detected : 128

Adware.Tracking Cookie

Trojan.Agent/Gen-PEC
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX43\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX44\PROCS\EXPLORER.EXE
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX45\PROCS\EXPLORER.EXE

Trojan.Agent/Gen-IExplorer[Fake]
C:\DOCUMENTS AND SETTINGS\JORDAN\LOCAL SETTINGS\TEMP\RARSFX45\NIRD\IEXPLORE.EXE

#4 thefigtree

Posted 01 July 2011 - 11:03 AM

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-07-01 11:50:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_2F040L0 rev.VAM51JJ0
Running: wirds2sb.exe; Driver: C:\DOCUME~1\Jordan\LOCALS~1\Temp\kfpdraoc.sys


---- System - GMER 1.0.15 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7433C30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF745EF68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF745F230]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7433E90]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF7433F50]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7433AD0]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF77A0738]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF748196E]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7434150]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA949F620]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF77A0878]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF77A0914]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[228] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012F0001
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[268] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02F80001
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[336] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E80001
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C3000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[404] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\PC Tools Security\BDT\FGuard.exe[480] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 71AE000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 71A1000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 71A4000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileA 7C835EBF 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileA + 5 7C835EC4 1 Byte [70]
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 719E000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 715F000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [61, 71]
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [55, 71]
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\winlogon.exe[680] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\winlogon.exe[680] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A

#5 thefigtree

Posted 01 July 2011 - 11:05 AM

.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [59, 71]
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [71, 71] {JNO 0x73}
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E2000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7115000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715D000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7109000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7196000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 719C000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7199000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7187000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718A000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710C000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BB000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F7000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709A000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714B000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7193000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C4000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C7000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BE000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C1000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7145000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710F000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7118000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D9000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716F000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7094000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DF000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7148000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EB000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F4000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F1000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708B000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AC000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A9000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DC000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708E000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7097000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716C000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7091000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EE000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7178000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D6000A
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7112000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712D000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711B000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713F000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7130000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7133000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D3000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711E000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7127000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7121000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7142000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712A000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7136000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CA000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A6000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A3000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7103000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [05, 71]
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CD000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7139000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7124000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713C000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D0000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719F000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7157000A
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7154000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718D000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709D000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7169000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70FD000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7166000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F9, 70]
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AF000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [62, 71]
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B5000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B2000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A0000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7190000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7151000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7100000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B8000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7160000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7175000A
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4D, 71]
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717B000A
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E8000A
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E5000A
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717E000A
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7184000A
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7181000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\ctfmon.exe[860] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\ctfmon.exe[860] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[860] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\ctfmon.exe[860] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\System32\Ati2evxx.exe[904] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\Program Files\AIM6\aim6.exe[920] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [51, 71]
.text C:\Program Files\AIM6\aim6.exe[920] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [69, 71]
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DA000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 710D000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7155000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7101000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03380001
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 718E000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7194000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7191000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 717F000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7182000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7104000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B3000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70EF000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7092000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7143000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718B000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70BC000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70BF000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70B6000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70B9000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 713D000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9A, 71]
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7107000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7110000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D1000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7167000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 708C000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70D7000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7140000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E3000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70EC000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70E9000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7083000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A4000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A1000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D4000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7086000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 708F000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7164000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7089000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70E6000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7170000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70CE000A
.text C:\Program Files\AIM6\aim6.exe[920] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710A000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7125000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7113000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7137000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7128000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712B000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CB000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7116000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 711F000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7119000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713A000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7122000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 712E000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C2000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 709E000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709B000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FB000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [FD, 70]
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C5000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7131000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 711C000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7134000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70C8000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7197000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 714F000A
.text C:\Program Files\AIM6\aim6.exe[920] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 714C000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7185000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7095000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7161000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F5000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 715E000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F1, 70]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70A7000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5A, 71]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70AD000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AA000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7098000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7188000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7149000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70F8000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B0000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7158000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 716D000A
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aim6.exe[920] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [45, 71]
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7173000A
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E0000A
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70DD000A
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7176000A
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 717C000A
.text C:\Program Files\AIM6\aim6.exe[920] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7179000A
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[928] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\svchost.exe[928] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4C, 71]
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\svchost.exe[1080] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1080] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70DB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [59, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [71, 71] {JNO 0x73}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E1000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7114000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7108000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7196000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 719C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7199000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7187000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7193000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7145000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7117000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7148000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EA000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F3000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F0000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CopyFileExA 7C85F39C 4 Bytes JMP EC001E25
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CopyFileExA + 5 7C85F3A1 1 Byte [70]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7178000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7111000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712D000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711B000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7130000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7133000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711E000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7127000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7121000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7142000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712A000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7136000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7102000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [04, 71] {ADD AL, 0x71}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7139000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7124000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713C000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719F000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7157000A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7154000A

#6 thefigtree

Posted 01 July 2011 - 11:08 AM

.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F9, 70]
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AF000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [62, 71]
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B5000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B2000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A0000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7190000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7151000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7100000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B8000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7160000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7175000A
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1160] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4D, 71]
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717B000A
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E8000A
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E5000A
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717E000A
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7184000A
.text C:\WINDOWS\System32\svchost.exe[1160] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7181000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1248] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\Ati2evxx.exe[1312] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [59, 71]
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [71, 71] {JNO 0x73}
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E2000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7115000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715D000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7109000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A30001
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7196000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 719C000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7199000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7187000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718A000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710C000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BB000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F7000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709A000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714B000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7193000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C4000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C7000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BE000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C1000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7145000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710F000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7118000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D9000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716F000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7094000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DF000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7148000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EB000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F4000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F1000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708B000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AC000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A9000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DC000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708E000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7097000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716C000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7091000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EE000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7178000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D6000A
.text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7112000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712D000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711B000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713F000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7130000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7133000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D3000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711E000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7127000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7121000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7142000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712A000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7136000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CA000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A6000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A3000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7103000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [05, 71]
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CD000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7139000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7124000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713C000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D0000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719F000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7157000A
.text C:\WINDOWS\System32\svchost.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7154000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718D000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709D000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7169000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70FD000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7166000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F9, 70]
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AF000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [62, 71]
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B5000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B2000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A0000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7190000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7151000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7100000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B8000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7160000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7175000A
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1420] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4D, 71]
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717B000A
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E8000A
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E5000A
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717E000A
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7184000A
.text C:\WINDOWS\System32\svchost.exe[1420] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7181000A
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709C000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AE000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709F000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B7000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\Explorer.EXE[1456] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70E4000A
.text C:\WINDOWS\Explorer.EXE[1456] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70E1000A
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\Explorer.EXE[1456] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[1544] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5A, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [72, 71] {JB 0x73}
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E3000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7116000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715E000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710A000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A40001
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7197000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 719D000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719A000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7188000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718B000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710D000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BC000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F8000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709B000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714C000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7194000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C5000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C8000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BF000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C2000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7146000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7110000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7119000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DA000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7170000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7095000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E0000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7149000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EC000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F5000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F2000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708C000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AD000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AA000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DD000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708F000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7098000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716D000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7092000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EF000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7179000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D7000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7113000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712E000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711C000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7140000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7131000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7134000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D4000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711F000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7128000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7122000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7143000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712B000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7137000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CB000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A7000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A4000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7104000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [06, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CE000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713A000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7125000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713D000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D1000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A0000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7158000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7155000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718E000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709E000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716A000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70FE000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7167000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FA, 70]
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B0000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [63, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B6000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B3000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A1000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7191000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7152000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7101000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B9000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7161000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7176000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1656] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4E, 71]
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717C000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E9000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E6000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717F000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7185000A
.text C:\WINDOWS\system32\spoolsv.exe[1656] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7182000A
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[1744] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A

#7 cryptodan

Posted 01 July 2011 - 11:09 AM

All Users should not contain any files but a skeleton: Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.

#8 thefigtree

  • Topic Starter

Posted 01 July 2011 - 11:10 AM

.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1744] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\System32\svchost.exe[1744] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[1744] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70E1000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[1900] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5D, 71]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [75, 71] {JNZ 0x73}
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E6000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7119000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7161000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710D000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A70001
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719A000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A0000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719D000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718B000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718E000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7110000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BF000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FB000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709E000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714F000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7197000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C8000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CB000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C2000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C5000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7149000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [A9, 71]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7113000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711C000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DD000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7173000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7098000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E3000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714C000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EF000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F8000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F5000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708F000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B0000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AD000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E0000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7092000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709B000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7170000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7095000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F2000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717C000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DA000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7116000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7191000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A1000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716D000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7101000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716A000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FD, 70]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B3000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [66, 71]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B9000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B6000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A4000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7194000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7155000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7104000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BC000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7164000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7179000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [51, 71]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7131000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711F000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7143000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7134000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7137000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D7000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7122000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712B000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7125000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7146000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712E000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713A000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CE000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AA000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A7000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7107000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [09, 71]
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D1000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713D000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7128000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7140000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D4000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A3000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715B000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7158000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717F000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70EC000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E9000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7182000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7188000A
.text C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe[1912] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7185000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [52, 71]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6A, 71] {PUSH 0x71}
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DB000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 710E000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7156000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7102000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02330001
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 718F000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7195000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7192000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7180000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7183000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7105000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B4000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F0000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7093000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7144000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718C000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70BD000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C0000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70B7000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BA000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 713E000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9B, 71]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7108000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7111000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D2000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7168000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 708D000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70D8000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7141000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E4000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CopyFileA 7C8286EE 4 Bytes JMP EC001E25
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CopyFileA + 5 7C8286F3 1 Byte [70]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70EA000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7084000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A5000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A2000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D5000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7087000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7090000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7165000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708A000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70E7000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7171000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70CF000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710B000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7126000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7114000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7138000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7129000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712C000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CC000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7117000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7120000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711A000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713B000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7123000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 712F000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C3000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 709F000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709C000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FC000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [FE, 70]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C6000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7132000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 711D000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7135000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70C9000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7198000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7150000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 714D000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7186000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7096000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7162000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F6000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 715F000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F2, 70]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70A8000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5B, 71]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70AE000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AB000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7099000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7189000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714A000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70F9000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B1000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7159000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 716E000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [46, 71]
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7174000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E1000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70DE000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7177000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 717D000A
.text C:\Program Files\AIM6\aolsoftware.exe[2232] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717A000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B7000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7096000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C0000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C3000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BA000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70BD000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D5000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7090000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DB000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7087000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A8000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A5000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D8000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708A000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7093000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 708D000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D2000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70CF000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C6000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A2000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 709F000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C9000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CC000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7099000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AB000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B1000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70AE000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709C000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B4000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Documents and Settings\Jordan\My Documents\Downloads\wirds2sb.exe[2428] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [55, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [6D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70DE000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7111000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7159000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7105000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E60001
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7192000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7198000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7195000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7183000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7186000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7108000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70B1000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F3000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7090000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7147000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 718F000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70BA000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70BD000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70B4000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70B7000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7141000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [9E, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710B000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7114000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70CF000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716B000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 708A000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70D5000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7144000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70E7000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F0000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CopyFileW 7C82F87B 4 Bytes JMP EC001E25
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CopyFileW + 5 7C82F880 1 Byte [70]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7081000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70A2000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 709F000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70D2000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7084000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 708D000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7168000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7087000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70EA000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7174000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70CC000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 710E000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7129000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7117000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713B000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712C000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 712F000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70C9000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711A000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7123000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 711D000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 713E000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7126000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7132000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C0000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 709C000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7099000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70FF000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [01, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70C3000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7135000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7120000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7138000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70C6000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719B000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7153000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7150000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7189000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7093000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7165000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70F9000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7162000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F5, 70]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70A5000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [5E, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70AB000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70A8000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7096000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718C000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 714D000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FC000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70AE000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715C000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7171000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [49, 71]
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70DB000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70D8000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7177000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E4000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E1000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717A000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7180000A
.text C:\Program Files\Common Files\Java\Java Update\jucheck.exe[2492] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\System32\svchost.exe[2852] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\System32\svchost.exe[2852] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\svchost.exe[2852] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\svchost.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2852] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\System32\svchost.exe[2852] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\Program Files\PC Tools Security\TFEngine\TFService.exe[2884] kernel32.dll!CreateRemoteThread + 174 7C810640 4 Bytes JMP 71AF0000
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\WINDOWS\System32\wdfmgr.exe[2920] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70C0000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 709F000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C9000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70CC000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70C3000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C6000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70DE000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7099000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70E4000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7090000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70B1000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70AE000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70E1000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7093000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 709C000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7096000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70DB000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 70A2000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70B4000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70BA000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B7000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 70A5000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70BD000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D8000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70CF000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70AB000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A8000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70D2000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70D5000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[2956] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [58, 71]
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [70, 71] {JO 0x73}
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E1000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 7114000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715C000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 7108000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A20001
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 7195000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 719B000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7198000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7186000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7189000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 710B000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70F6000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 714A000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7192000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 7144000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 710E000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 7117000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 716E000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7147000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70EA000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F3000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F0000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 716B000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CopyFileExA 7C85F39C 4 Bytes JMP EC001E25
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CopyFileExA + 5 7C85F3A1 1 Byte [70]
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7177000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\WINDOWS\System32\alg.exe[3224] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7111000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 718C000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709C000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7168000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70FC000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 7165000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [F8, 70]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AE000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [61, 71]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B4000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B1000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709F000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 718F000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7150000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70FF000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B7000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 715F000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 7174000A
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [4C, 71]
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 712C000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 711A000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 713E000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 712F000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7132000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 711D000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 7126000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7120000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7141000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 7129000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 7135000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7102000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [04, 71] {ADD AL, 0x71}
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7138000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7123000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 713B000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 719E000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7156000A
.text C:\WINDOWS\System32\alg.exe[3224] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7153000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 717A000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 6 Bytes JMP 70E7000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70E4000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 717D000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7183000A
.text C:\WINDOWS\System32\alg.exe[3224] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7180000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [5E, 71]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [76, 71] {JBE 0x73}
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70E7000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 711A000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7162000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 710E000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71A80001
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 719B000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 71A1000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 719E000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 718C000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 718F000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 7111000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 70BA000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70FC000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7099000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7150000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 7198000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 70C3000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 70C6000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 70BD000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 70C0000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 714A000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [AD, 71]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 7114000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 711D000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70D8000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7174000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7093000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70DE000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 714D000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70F0000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70F9000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70F6000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 708A000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 70AB000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 70A8000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70DB000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 708D000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7096000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7171000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7090000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70F3000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 717D000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 70D5000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 7117000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7192000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 709C000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 716E000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 7102000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 716B000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [FE, 70]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 70AE000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [67, 71]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 70B4000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 70B1000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 709F000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7195000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7156000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 7105000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 70B7000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7165000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 717A000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [52, 71]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 7132000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 7120000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7144000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 7135000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 7138000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 70D2000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 7123000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 712C000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 7126000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 7147000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 712F000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 713B000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 70C9000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 70A5000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 70A2000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 7108000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [0A, 71]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 70CC000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 713E000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 7129000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7141000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 70CF000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 71A4000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 715C000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 7159000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70E4000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] WININET.dll!InternetOpenUrlW 3D998471 6 Bytes JMP 70E1000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!ShellExecuteExW 7CA098CB 6 Bytes JMP 7180000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!Shell_NotifyIcon 7CA28BC6 4 Bytes JMP EC001E25
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!Shell_NotifyIcon + 5 7CA28BCB 1 Byte [70]
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!Shell_NotifyIconW 7CA2A537 6 Bytes JMP 70EA000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!ShellExecuteEx 7CA40E45 6 Bytes JMP 7183000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!ShellExecuteA 7CA41170 6 Bytes JMP 7189000A
.text C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe[3972] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7186000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\MSVCRT.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aim6.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9C46] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9CCD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9DE1] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [6BFA9D54] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM6\aolsoftware.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9E6E] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A7B57D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- EOF - GMER 1.0.15 ----

#9 thefigtree (Topic Starter)

Posted 01 July 2011 - 01:23 PM

New topic at http://www.bleepingcomputer.com/forums/topic407144.html

Thanks!

#10 hamluis (Moderator)

Posted 01 July 2011 - 01:51 PM

Now that your log is properly posted, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a Malware Removal Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the logs you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on, the Malware Removal Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the Malware Removal Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Now that your log is posted and you are waiting, please DO NOT make another reply until it has been responded to by a member of the Malware Removal Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another Malware Removal Team member is already assisting you and not open the thread to respond.

To avoid confusion, I am closing this topic.

Louis



