Repeating AOL sign-ons, growing virtual memory, slow sign-ons


21 replies to this topic

#1 CeeDon

CeeDon

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:12:49 PM

Posted 07 September 2011 - 11:21 AM

You have recently removed one or more viruses from this computer, but now a new one has appeared.

First, AOL is extremely slow to start when I click on the icon. Once I've signed on, after a time a new sign-on screen appears on top of what I'm doing. I cancel that one. Soon I see activity at the bottom of the screen (where ordinarily you see "Done" or "//http:/..." etc.). The virus is doing its own AOL activity! Soon afterward AOL is canceled, as if I had canceled it.

Also, Microsoft XP suddenly announces they are having to increase my virtual memory. Paging size is currently at 384 Mb, and my RAM is 1.25 GB. This is happening more and more frequently.

I have again changed my AOL sign-on password, and I no longer permit it to use the password automatically (I have to enter it at each sign on).

Thanks for any help you can provide.



#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:05:49 PM

Posted 07 September 2011 - 11:24 AM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

NOTE: Malwarebytes is now offering a free trial of their program, if you want to accept it you will need to enter some billing information, so that at the end of the trial you would be charged the cost of the product. Please decline this offer, if you are unable to provide billing information. If you want to try it out, then provide the billing information.

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are unchecked (leave all others checked):
    • Ignore files larger than 4mb
    • Ignore non-executable files

    Now Perform the scan with SUPERAntiSpyware as follows:
    • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes" and reboot normally.
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

SAS Portable
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.


All scans above should be performed in regular boot mode, and if that is not possible then I will post instructions in a follow up reply on how to get into Safe Mode to perform the scans. Also all scans should be COMPLETE and not quick unless specifically instructed to do so.

#3 CeeDon

Posted 07 September 2011 - 11:58 AM

Here is new information:

The 'pop-up' that signs on to AOL on top of the one I have running just tried it again. But now I require a password each time, rather than the automatic one. The screen hung up, wanting the password. AT THE BOTTOM OF THE SCREEN WAS: http://www.gadling.com/tag/barbarycoast.

When I cancel that pop-up, another pop-up appears, urging me to allow an automatic password. The virus is sophisticated, isn't it?

I hope this is useful to you.

#4 cryptodan

Posted 07 September 2011 - 12:26 PM

Can you run the above scans?

#5 CeeDon

Posted 08 September 2011 - 04:23 PM

Malware Bytes Anti-malware log follows. Will reply again when I've run SUPERAntiSpyware.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7678

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/8/2011 3:39:03 PM
mbam-log-2011-09-08 (15-39-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 276868
Time elapsed: 1 hour(s), 13 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 cryptodan

Posted 08 September 2011 - 04:35 PM

Perform the other scans.

#7 CeeDon

Posted 08 September 2011 - 11:17 PM

Sorry I got behind---busy day.

Here is the SAS log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/08/2011 at 06:19 PM

Application Version : 5.0.1118

Core Rules Database Version : 7662
Trace Rules Database Version: 5474

Scan type : Complete Scan
Total Scan Time : 01:26:37

Operating System Information
Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 625
Memory threats detected : 0
Registry items scanned : 37828
Registry threats detected : 9
File items scanned : 44144
File threats detected : 12

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC#NextInstance
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Service
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Legacy
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ConfigFlags
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#Class
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#ClassGUID
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000#DeviceDesc

Adware.Tracking Cookie
C:\Documents and Settings\Don\Cookies\ST44SX1U.txt
C:\Documents and Settings\Don\Cookies\ZMAONZ3Q.txt
C:\Documents and Settings\Don\Cookies\CEJSD6JF.txt
C:\Documents and Settings\Don\Cookies\2JJOST5V.txt
C:\Documents and Settings\Don\Cookies\NWN3MWQV.txt
C:\Documents and Settings\Don\Cookies\C4PIRA4N.txt
C:\Documents and Settings\Don\Cookies\VBOJCTCN.txt
C:\Documents and Settings\Don\Cookies\1PZ9ACIM.txt
C:\Documents and Settings\Don\Cookies\OO5VJNYA.txt
C:\Documents and Settings\Don\Cookies\96XE4I35.txt
C:\Documents and Settings\Don\Cookies\TE5KVEC7.txt
C:\Documents and Settings\Don\Cookies\OM4SE8Z6.txt

#8 cryptodan

Posted 09 September 2011 - 01:33 AM

Now Gmer.

#9 CeeDon

Posted 12 September 2011 - 03:14 PM

I sent my GMER log at the end of last week. It doesn't appear in this chain of messages. Should I try again?

#10 cryptodan

Posted 12 September 2011 - 05:02 PM

Yes try again.

#11 CeeDon

Posted 12 September 2011 - 10:11 PM

I've tried three times now to send you my GMER log. I paste into a message like this, but the message never goes through. Apparently the log is too long, yet I can't find a way to attach it to a message such as this.

Any suggestions?

#12 cryptodan

Posted 13 September 2011 - 10:13 AM

Can you break up the log?

#13 CeeDon

Posted 13 September 2011 - 12:28 PM

Here is the first piece of the GMER log.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-12 17:41:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75FJA1 rev.14.03G14
Running: 6pr6w22o.exe; Driver: C:\DOCUME~1\Don\LOCALS~1\Temp\pxtdapow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB10C5FC9]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB10C6E96]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB10C71E7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB10C5F2D]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB10C6BBB]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xB98887B0]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB10C6FC3]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\System32\DRIVERS\mohfilt.sys entry point in "init" section [0xF780A760]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!PostMessageW 7E418CCB 8 Bytes JMP 5FF39403 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!BroadcastSystemMessageW 7E41E666 7 Bytes JMP 5FF3A153 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SetUserObjectSecurity 7E4213B3 8 Bytes JMP 5FF3CDBB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SetWindowsHookW 7E421B8A 7 Bytes JMP 5FF3D7B7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!BroadcastSystemMessageExW 7E423654 7 Bytes JMP 5FF3A38B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendDlgItemMessageW 7E4273CC 9 Bytes JMP 5FF39F1B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!PostThreadMessageW 7E4277B8 6 Bytes JMP 5FF3963B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!PostThreadMessageA 7E4277C5 2 Bytes [90, E9]
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!PostThreadMessageA + 3 7E4277C8 7 Bytes [1D, B1, E1, 90, 90, 90, 90] {SBB EAX, 0x9090e1b1; NOP ; NOP }
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 7 Bytes JMP 5FF3D57F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 5FF391CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 5FF392E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageTimeoutW 7E42CDAA 7 Bytes JMP 5FF39AAB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendNotifyMessageW 7E42D64F 8 Bytes JMP 5FF39CE3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageCallbackW 7E42D6DB 6 Bytes JMP 5FF39873 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 5FF390AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageTimeoutA 7E42FB6B 7 Bytes JMP 5FF3998F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!OpenClipboard 7E430277 6 Bytes JMP 5FF368BB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 7 Bytes JMP 5FF3D463 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendDlgItemMessageA 7E43C2E7 9 Bytes JMP 5FF39DFF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SetWindowsHookA 7E43ED69 7 Bytes JMP 5FF3D69B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendNotifyMessageA 7E453948 8 Bytes JMP 5FF39BC7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!EndTask 7E45A0A5 8 Bytes JMP 5FF38F93 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!ExitWindowsEx 7E45A275 8 Bytes JMP 5FF3E2D3 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!BroadcastSystemMessageExA 7E46AE97 7 Bytes JMP 5FF3A26F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!BroadcastSystemMessage 7E46AEBE 5 Bytes JMP 5FF3A038 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] USER32.dll!SendMessageCallbackA 7E46B129 6 Bytes JMP 5FF39757 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 5FF3632C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 5FF36210 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 5FF360F4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoGetClassObject 775151F5 5 Bytes JMP 5FF36448 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoGetInstanceFromFile 77540212 5 Bytes JMP 5FF36564 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] ole32.dll!CoGetInstanceFromIStorage 77596ABD 5 Bytes JMP 5FF36680 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\ctfmon.exe[1224] SHELL32.dll!SHCreateProcessAsUserW 7CAC94D4 5 Bytes JMP 5FF38B20 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!LoadLibraryExW 7C801AF5 12 Bytes JMP 5FF38005 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!CreateProcessW + 2 7C802338 8 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!CreateProcessA + 2 7C80236D 8 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!GetProcAddress + 2 7C80AE42 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] kernel32.dll!ExitProcess + 2 7C81CB14 10 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387C9 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Windows Defender\MsMpEng.exe[1276] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94D6 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38007 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!CreateProcessW 7C802336 7 Bytes JMP 5FF386AF C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!CreateProcessA 7C80236B 7 Bytes JMP 5FF38593 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!FreeLibrary 7C80AC7E 6 Bytes JMP 5FF3835B C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5FF38123 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] kernel32.dll!ExitProcess 7C81CB12 7 Bytes JMP 5FF3823F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 8 Bytes JMP 5FF388E7 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 8 Bytes JMP 5FF38A03 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CB C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\SYSTEM32\svcprs32.exe[1488] SHELL32.dll!SHCreateProcessAsUserW 7CAC94D4 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38006 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!CreateProcessW + 2 7C802338 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!CreateProcessA + 2 7C80236D 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!FreeLibrary + 2 7C80AC80 7 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!GetProcAddress + 2 7C80AE42 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] kernel32.dll!ExitProcess + 2 7C81CB14 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] ADVAPI32.dll!CreateProcessAsUserW + 2 77DEA8AB 6 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] ADVAPI32.dll!CreateProcessAsUserA + 2 77E10CEA 6 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 10 Bytes JMP 5FF387CA C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\WINDOWS\system32\LEXBCES.EXE[1760] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC94D6 6 Bytes JMP 5FF38B1F C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 5FF3D22C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 5FF3D348 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 5FF38008 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!TerminateProcess 7C801E1A 5 Bytes JMP 5FF38D5C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 5FF3CED8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 5FF386B0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 5FF38594 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!VirtualAllocEx 7C809B12 7 Bytes JMP 5FF3D110 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 5FF3835C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 5FF38124 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 5FF3CFF4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!ExitProcess 7C81CB12 5 Bytes JMP 5FF38240 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!TerminateThread 7C81CB3B 5 Bytes JMP 5FF38E78 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!OpenThread 7C82FC08 5 Bytes JMP 5FF3D8D4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] kernel32.dll!DebugActiveProcess 7C85B0FB 5 Bytes JMP 5FF3D9F0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 5 Bytes JMP 5FF3C4DC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!SetKernelObjectSecurity 77DE4E9A 5 Bytes JMP 5FF3C830 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceStatus 77DE6D50 7 Bytes JMP 5FF3B0E0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!OpenSCManagerW 77DE6F55 7 Bytes JMP 5FF3A800 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 5FF3AC70 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!SetFileSecurityW 77DEA3E1 5 Bytes JMP 5FF3C714 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 5FF388E8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!StartServiceA 77DEFB58 7 Bytes JMP 5FF3AEA8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!SetNamedSecurityInfoW 77DF0CF5 5 Bytes JMP 5FF3CCA0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceStatusEx 77DF120A 7 Bytes JMP 5FF3B1FC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceConfigA 77DF1596 7 Bytes JMP 5FF3B434 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!StartServiceW 77DF3E94 7 Bytes JMP 5FF3AFC4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!ControlService 77DF4A09 7 Bytes JMP 5FF3B318 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 5FF3AB54 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!SetSecurityInfo 77DF4DF2 5 Bytes JMP 5FF3CA68 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!OpenSCManagerA 77DF69AE 7 Bytes JMP 5FF3A6E4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumServicesStatusA 77DF6B47 7 Bytes JMP 5FF3BF4C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceConfigW 77DF6F92 7 Bytes JMP 5FF3B550 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!AbortSystemShutdownW 77DFD45B 5 Bytes JMP 5FF3E1B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 5FF38A04 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 5 Bytes JMP 5FF387CC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!InitiateSystemShutdownW 77E34C51 5 Bytes JMP 5FF3DD48 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!InitiateSystemShutdownExW 77E34CE5 5 Bytes JMP 5FF3DF80 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumServicesStatusExW 77E369B8 7 Bytes JMP 5FF3C2A0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumServicesStatusExA 77E36C2F 7 Bytes JMP 5FF3C184 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 7 Bytes JMP 5FF3C94C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 7 Bytes JMP 5FF3BADC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 7 Bytes JMP 5FF3BBF8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 7 Bytes JMP 5FF3BD14 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 7 Bytes JMP 5FF3BE30 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 5FF3A91C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 5FF3AA38 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 7 Bytes JMP 5FF3AD8C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumDependentServicesA 77E37529 7 Bytes JMP 5FF3B8A4 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumDependentServicesW 77E375E1 7 Bytes JMP 5FF3B9C0 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceConfig2A 77E37999 7 Bytes JMP 5FF3B66C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!QueryServiceConfig2W 77E37AB1 7 Bytes JMP 5FF3B788 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] ADVAPI32.dll!EnumServicesStatusW 77E37D61 5 Bytes JMP 5FF3C068 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 5FF39404 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] USER32.dll!BroadcastSystemMessageW 7E41E666 5 Bytes JMP 5FF3A154 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] USER32.dll!SetUserObjectSecurity 7E4213B3 5 Bytes JMP 5FF3CDBC C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] USER32.dll!SetWindowsHookW 7E421B8A 5 Bytes JMP 5FF3D7B8 C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)
.text C:\Program Files\Nikon\NkView5\NkvMon.exe[2396] USER32.dll!BroadcastSystemMessageExW 7E423654 5 Bytes JMP 5FF3A38C C:\WINDOWS\system32\UmxSbxw.dll (User mode executive module DLL/CA)

#14 CeeDon

Posted 14 September 2011 - 01:01 PM

I sent my GMER log in two pieces, as you requested, and the system accepted it. Later I was notified that a new post had occurred, but I don't see it. Is everything still going? In any case, thanks for the help!

CeeDon

#15 cryptodan

Posted 14 September 2011 - 01:07 PM

You sent only half of your gmer log, so please send the remainder.



