
Solved Ebay log-in asking for credit card info.

Discussion in 'Malware and Virus Removal Archive' started by a1b2c3, 2010/03/26.

  1. 2010/03/28
    a1b2c3 Inactive Thread Starter
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715B000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6C, 71]
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
    .text C:\WINDOWS\System32\alg.exe[1232] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
    .text C:\WINDOWS\System32\alg.exe[1232] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
    .text C:\WINDOWS\System32\alg.exe[1232] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00F82862
    .text C:\WINDOWS\System32\alg.exe[1232] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00F826EE
    .text C:\WINDOWS\System32\alg.exe[1232] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00F827E0
    .text C:\WINDOWS\System32\alg.exe[1232] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00F82726
    .text C:\WINDOWS\System32\alg.exe[1232] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00F8275E
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7143000A
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B0000A
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AD000A
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7146000A
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714C000A
    .text C:\WINDOWS\System32\alg.exe[1232] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 7149000A
    .text C:\WINDOWS\System32\alg.exe[1232] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A7000A
    .text C:\WINDOWS\System32\alg.exe[1232] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A4000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010E0001
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00BC2862
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00BC26EE
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00BC27E0
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00BC2726
    .text C:\WINDOWS\eHome\ehSched.exe[1364] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00BC275E
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\eHome\ehSched.exe[1364] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01300001
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\Java\jre6\bin\jqs.exe[1416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
  2. 2010/03/28
    a1b2c3

    a1b2c3 Inactive Thread Starter

    Joined:
    2010/03/26
    Messages:
    33
    Likes Received:
    0
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
     


  4. 2010/03/28
    a1b2c3

    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\svchost.exe[1460] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\svchost.exe[1460] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\system32\svchost.exe[1604] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\svchost.exe[1604] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1604] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\svchost.exe[1604] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\svchost.exe[1604] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013E0001
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WS2_32.dll!closesocket 01543E2B 5 Bytes JMP 01CA2862
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WS2_32.dll!send 01544C27 5 Bytes JMP 01CA26EE
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WS2_32.dll!WSARecv 01544CB5 5 Bytes JMP 01CA27E0
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WS2_32.dll!recv 0154676F 5 Bytes JMP 01CA2726
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WS2_32.dll!WSASend 015468FA 5 Bytes JMP 01CA275E
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 7051000A
    .text C:\WINDOWS\system32\igfxpers.exe[1612] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 704E000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01260001
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
     
  5. 2010/03/28
    a1b2c3

    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E32862
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E326EE
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E327E0
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E32726
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1644] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E3275E
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01350001
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] shell32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WS2_32.dll!closesocket 01053E2B 5 Bytes JMP 01E52862
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WS2_32.dll!send 01054C27 5 Bytes JMP 01E526EE
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WS2_32.dll!WSARecv 01054CB5 5 Bytes JMP 01E527E0
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WS2_32.dll!recv 0105676F 5 Bytes JMP 01E52726
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WS2_32.dll!WSASend 010568FA 5 Bytes JMP 01E5275E
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 7051000A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1652] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 704E000A
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01860001
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
     
  6. 2010/03/28
    a1b2c3

    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\WINDOWS\stsystra.exe[1660] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\stsystra.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\stsystra.exe[1660] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\stsystra.exe[1660] WS2_32.dll!closesocket 01633E2B 5 Bytes JMP 01062862
    .text C:\WINDOWS\stsystra.exe[1660] WS2_32.dll!send 01634C27 5 Bytes JMP 010626EE
    .text C:\WINDOWS\stsystra.exe[1660] WS2_32.dll!WSARecv 01634CB5 5 Bytes JMP 010627E0
    .text C:\WINDOWS\stsystra.exe[1660] WS2_32.dll!recv 0163676F 5 Bytes JMP 01062726
    .text C:\WINDOWS\stsystra.exe[1660] WS2_32.dll!WSASend 016368FA 5 Bytes JMP 0106275E
    .text C:\WINDOWS\stsystra.exe[1660] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 7051000A
    .text C:\WINDOWS\stsystra.exe[1660] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 704E000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\Spyware Doctor\pctsTray.exe[1676] shell32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02020001
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\Program Files\DNA\btdna.exe[1700] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\DNA\btdna.exe[1700] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\DNA\btdna.exe[1700] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\DNA\btdna.exe[1700] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
     
  7. 2010/03/28
    a1b2c3 Inactive Thread Starter

    .text C:\Program Files\DNA\btdna.exe[1700] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 019C2862
    .text C:\Program Files\DNA\btdna.exe[1700] WS2_32.dll!send 71AB4C27 5 Bytes JMP 019C26EE
    .text C:\Program Files\DNA\btdna.exe[1700] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 019C27E0
    .text C:\Program Files\DNA\btdna.exe[1700] WS2_32.dll!recv 71AB676F 5 Bytes JMP 019C2726
    .text C:\Program Files\DNA\btdna.exe[1700] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 019C275E
    .text C:\Program Files\DNA\btdna.exe[1700] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\Program Files\DNA\btdna.exe[1700] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EF0001
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0041FBE0 C:\Program Files\PeerBlock\peerblock.exe (PeerBlock/PeerBlock, LLC)
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01552862
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015526EE
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015527E0
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01552726
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0155275E
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\Program Files\PeerBlock\peerblock.exe[1736] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 016E0001
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00742862
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 007426EE
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 007427E0
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00742726
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0074275E
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
     
  8. 2010/03/28
    a1b2c3 Inactive Thread Starter
    .text C:\WINDOWS\system32\svchost.exe[1808] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\svchost.exe[1808] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\svchost.exe[1808] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1808] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\svchost.exe[1808] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\svchost.exe[1956] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\svchost.exe[1956] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [84, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [99, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8D, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A5, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9F, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9C, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [90, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A2, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8A, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [96, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [93, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [87, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FA0001
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\system32\svchost.exe[2060] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
     
  9. 2010/03/28
    a1b2c3

    a1b2c3 Inactive Thread Starter

    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\svchost.exe[2060] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[2060] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\svchost.exe[2060] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\svchost.exe[2060] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\svchost.exe[2060] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 7084000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 7063000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 708D000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7087000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 708A000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 705D000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 7054000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 7075000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 7072000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7057000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7060000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 705A000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 709F000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7066000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7078000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 707E000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 707B000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7069000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7081000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 709C000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 7093000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 706F000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 706C000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7096000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7099000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\System32\wltrysvc.exe[2132] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0BBC0001
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
     
  10. 2010/03/28
    a1b2c3

    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01212862
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012126EE
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012127E0
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01212726
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0121275E
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\system32\SearchIndexer.exe[2192] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014B0001
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 012C2862
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WS2_32.dll!send 71AB4C27 5 Bytes JMP 012C26EE
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 012C27E0
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WS2_32.dll!recv 71AB676F 5 Bytes JMP 012C2726
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 012C275E
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\System32\bcmwltry.exe[2208] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707E000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705D000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7087000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 708A000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7081000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7084000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7057000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704E000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706F000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706C000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7051000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 705A000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7054000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DA2862
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DA26EE
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DA27E0
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DA2726
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DA275E
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WININET.dll!InternetOpenUrlA 3D95F3A4 6 Bytes JMP 70A8000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] WININET.dll!InternetOpenUrlW 3D9A6DDF 6 Bytes JMP 70A5000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 7144000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!Shell_NotifyIcon 7CA28C56 6 Bytes JMP 70B1000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!Shell_NotifyIconW 7CA2A5BF 6 Bytes JMP 70AE000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 7147000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 714D000A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[2496] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 714A000A
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 01F3290A
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 01F328BA
     
  11. 2010/03/28
    broni Moderator Malware Analyst
  12. 2010/03/28
    a1b2c3 Inactive Thread Starter
    .text C:\Program Files\internet explorer\iexplore.exe[3392] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01F3287E
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2156E9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED964 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E43AF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E42E1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E434C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E41B2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4214 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4412 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4276 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!InternetReadFile 3D94654B 5 Bytes JMP 01F32CF3
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!InternetCloseHandle 3D949088 5 Bytes JMP 01F32D4F
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!HttpOpenRequestA 3D94D508 2 Bytes JMP 01F32AC2
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!HttpOpenRequestA + 3 3D94D50B 2 Bytes [5E, C4]
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 01F32926
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!HttpSendRequestW 3D94FABE 5 Bytes JMP 01F330EB
    .text C:\Program Files\internet explorer\iexplore.exe[3392] WININET.dll!HttpSendRequestA 3D95EE89 5 Bytes JMP 01F32B71
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\dllhost.exe[3816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71]
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
    .text C:\WINDOWS\system32\dllhost.exe[3816] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A

    ---- User IAT/EAT - GMER 1.0.15 ----

     
  13. 2010/03/28
    a1b2c3

    a1b2c3 Inactive Thread Starter

    Joined:
    2010/03/26
    Messages:
    33
    Likes Received:
    0
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] [02E1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] [02E1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CloseHandle] [02E1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [02E42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [02E42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] [02E1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CloseHandle] [02E1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [02E42E30] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [02E42CF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] [02E1B950] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] [02E1BB60] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [02E42DC0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [02E42DF0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CloseHandle] [02E1C3F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] [02E1C5B0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\Program Files\internet explorer\iexplore.exe[1160] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!ReadFile] [02E1C4F0] C:\WINDOWS\PCTBDCore.dll (Browser Defender Core/Threat Expert Ltd.)
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!WriteFile] 709B0000
    IAT C:\WINDOWS\system32\SearchIndexer.exe[2192] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!WriteFile] 709B0000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys
    Device \Driver\PCTCore \Device\PCTCoreDevice 8A3BA588

    AttachedDevice \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
    AttachedDevice \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)

    Device \FileSystem\Fastfat \Fat A66B8D20

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

    ---- EOF - GMER 1.0.15 ----
     
  14. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK. Got it. Hold on there.
     
  15. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =================================================================

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2.
    Post fresh HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  16. 2010/03/28
    a1b2c3

    a1b2c3 Inactive Thread Starter

    Joined:
    2010/03/26
    Messages:
    33
    Likes Received:
    0
    Malwarebytes' Anti-Malware 1.44
    Database version: 3924
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/28/2010 5:52:18 PM
    mbam-log-2010-03-28 (17-52-18).txt

    Scan type: Quick Scan
    Objects scanned: 192466
    Time elapsed: 10 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ----------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:01:59 PM, on 3/28/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.download.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1220267475953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220268559562
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7006 bytes
     
  17. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the eBay issue?

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  18. 2010/03/28
    a1b2c3

    a1b2c3 Inactive Thread Starter

    Joined:
    2010/03/26
    Messages:
    33
    Likes Received:
    0
    When I try to sign in I get the message "do you want to view only the web page content that was delivered securely". I close that window with the "X" and the page asking for personal financial information still comes up.

    I've completed the Temp File Cleaner and started the Kaspersky scan, but when I came back to check on it, it was the blue screen memory dump.

    I'm going to start the Kaspersky scan again.
     
  19. 2010/03/28
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    If Kaspersky keeps giving you problems...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

    Post fresh HJT log as well.
     
  20. 2010/03/29
    a1b2c3

    a1b2c3 Inactive Thread Starter

    Joined:
    2010/03/26
    Messages:
    33
    Likes Received:
    0
    C:\Documents and Settings\HelpAssistant\My Documents\LimeWire\Incomplete\T-719446624-Dear John (2010).avi a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
    C:\Program Files\Unlocker\eBay_shortcuts_1016.exe a variant of Win32/Adware.ADON application deleted - quarantined
    C:\System Volume Information\_restore{54D27111-7AD9-40EF-A2D7-C043B26BF131}\RP675\A0155858.exe a variant of Win32/Adware.ADON application deleted - quarantined


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:03:05 PM, on 3/29/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\PeerBlock\peerblock.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\WINDOWS\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe "
    O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: *.download.com
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1220267475953
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1220268559562
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F773E7B2-62A9-4524-9109-87D2F0BEFAA4} (ChessControl Class) - http://zone.msn.com/bingame/zpagames/zpa_kqrp.cab56961.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)
    O23 - Service: ThreatFire - PC Tools - C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
    O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 7135 bytes
     
  21. 2010/03/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    How is the eBay thingy?
     
