1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Solved Possible key logger on computer?

Discussion in 'Malware and Virus Removal Archive' started by AdmSirRed, 2012/03/08.

Page 1 of 2
  1. 2012/03/08
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    [Resolved] Possible key logger on computer?

    Recently one of my game accounts has been compromised. i have no idea how but i fear a key-logger may be on my computer that my Antivirus does not catch * i am currently using Malwearbytes*

    I am ruining windows XP SP3


    *i ran the panda active scan but it produced no report, the 9 items it came up with i opted to clean*

    i tried the Kaspersky WebScanner link but it was broken.

    Mbam log

    2012/03/08 08:01:10 -0700 ERIC-BACH Eric IP-BLOCK 93.114.43.111 (Type: outgoing)
    2012/03/08 08:01:13 -0700 ERIC-BACH Eric IP-BLOCK 93.114.43.111 (Type: outgoing)
    2012/03/08 08:01:19 -0700 ERIC-BACH Eric IP-BLOCK 93.114.43.111 (Type: outgoing)
    2012/03/08 09:56:29 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 09:56:32 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 09:56:38 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 09:56:49 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 09:56:52 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 09:56:58 -0700 ERIC-BACH Eric IP-BLOCK 178.211.33.203 (Type: outgoing)
    2012/03/08 11:02:29 -0700 ERIC-BACH MESSAGE Starting protection
    2012/03/08 11:02:39 -0700 ERIC-BACH Eric MESSAGE Protection started successfully
    2012/03/08 11:02:43 -0700 ERIC-BACH Eric MESSAGE Starting IP protection
    2012/03/08 11:02:46 -0700 ERIC-BACH Eric MESSAGE IP Protection started successfully
    2012/03/08 18:42:18 -0700 ERIC-BACH Eric MESSAGE Starting database refresh
    2012/03/08 18:42:18 -0700 ERIC-BACH Eric MESSAGE Stopping IP protection
    2012/03/08 18:42:18 -0700 ERIC-BACH Eric MESSAGE IP Protection stopped
    2012/03/08 18:42:22 -0700 ERIC-BACH Eric MESSAGE Database refreshed successfully
    2012/03/08 18:42:22 -0700 ERIC-BACH Eric MESSAGE Starting IP protection
    2012/03/08 18:42:26 -0700 ERIC-BACH Eric MESSAGE IP Protection started successfully

    Thank you for any help and advice on this subject.
     
    AdmSirRed,
    #1
  2. 2012/03/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Any online account can be hacked from the outside not necessarily involving your computer, but if you want to have a peace of mind....

    Please, complete all steps listed HERE

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
    broni,
    #2


  3. to hide this advert.

  4. 2012/03/08
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    I had to remove MBAM to install Bitdefender to my computer, do i still need to install MBAM or will the log from Bit defender work as well? i also installed MSE *this was before this thread was made*
     
    Last edited: 2012/03/08
    AdmSirRed,
    #3
  5. 2012/03/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You can't be running two AV programs so you must uninstall one of them.
    Either BitDefender, or MSE.

    Yes I still need MBAM log.
     
    broni,
    #4
  6. 2012/03/09
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    Malwarebytes Anti-Malware 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.03.09.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Eric :: ERIC-BACH [administrator]

    3/9/2012 7:33:43 AM
    mbam-log-2012-03-09 (07-33-43).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 377307
    Time elapsed: 2 hour(s), 5 minute(s), 32 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
    Run date: 2012-03-09 17:48:04
    -----------------------------
    17:48:04.968 OS Version: Windows 5.1.2600 Service Pack 3
    17:48:04.968 Number of processors: 4 586 0xF0B
    17:48:04.968 ComputerName: ERIC-BACH UserName: Eric
    17:48:19.750 Initialize success
    17:48:40.562 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
    17:48:40.562 Disk 0 Vendor: WDC_WD5001AALS-00L3B2 01.03B01 Size: 476810MB BusType: 3
    17:48:40.562 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-19
    17:48:40.562 Disk 1 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476938MB BusType: 3
    17:48:40.562 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP1T0L0-25
    17:48:40.562 Disk 2 Vendor: WDC_WD6400AAKS-22A7B2 01.03B01 Size: 610480MB BusType: 3
    17:48:40.562 Disk 3 \Device\Harddisk3\DR3 -> \Device\Ide\IdeDeviceP1T1L0-2d
    17:48:40.562 Disk 3 Vendor: WDC_WD1001FALS-00E3A0 05.01D05 Size: 953868MB BusType: 3
    17:48:40.671 Disk 0 MBR read successfully
    17:48:40.671 Disk 0 MBR scan
    17:48:40.671 Disk 0 Windows XP default MBR code
    17:48:40.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476796 MB offset 63
    17:48:40.796 Disk 0 scanning sectors +976479840
    17:48:41.250 Disk 0 scanning C:\WINDOWS\system32\drivers
    17:49:39.812 Service scanning
    17:50:03.562 Modules scanning
    17:51:19.671 Disk 0 trace - called modules:
    17:51:19.703 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
    17:51:19.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ae6fab8]
    17:51:19.703 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\0000007a[0x8af0bf18]
    17:51:19.718 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8ae77d98]
    17:51:19.718 Scan finished successfully
    17:51:44.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Eric\Desktop\MBR.dat "
    17:51:44.109 The log file has been saved successfully to "C:\Documents and Settings\Eric\Desktop\aswMBR.txt "


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Eric at 17:52:19 on 2012-03-09
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.2382 [GMT -7:00]
    .
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    FW: Bitdefender Firewall *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Bitdefender\Bitdefender 2012\seccenter.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wuauclt.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
    mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe "
    mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228586308328
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{040C2624-5739-4082-8C6C-781F0F8A2596} : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{A9A805EB-8E07-4AA2-92DC-1CB25377574B} : DhcpNameServer = 192.168.2.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe "
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\eric\application data\mozilla\firefox\profiles\qccgyw7e.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2012-1-18 609984]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64512]
    R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-5-17 218688]
    R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2007-12-31 80392]
    R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [2006-11-8 16384]
    R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [2006-11-8 37888]
    R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2012-1-23 50128]
    R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
    R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2012-1-18 447208]
    R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf.sys [2011-11-14 113616]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-10-20 100456]
    R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [2006-11-30 91648]
    S1 eurvplnd;eurvplnd;c:\windows\system32\drivers\eurvplnd.sys [2012-3-8 41680]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c98b9e492bc54e;Google Update Service (gupdate1c98b9e492bc54e);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
    S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-11-17 63056]
    S3 cpuz132;cpuz132;\??\c:\docume~1\eric\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\eric\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 esgiguard;esgiguard;\??\c:\program files\enigma software group\spyhunter\esgiguard.sys --> c:\program files\enigma software group\spyhunter\esgiguard.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-10 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\manycam.sys --> c:\windows\system32\drivers\ManyCam.sys [?]
    S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2009-1-10 31872]
    S3 SafeBox;SafeBox;c:\program files\bitdefender\bitdefender safebox\safeboxservice.exe [2011-12-21 67120]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]
    S3 UBFWNet;Unibrain 1394 FireNet Adapter NT Driver;c:\windows\system32\drivers\ubfwnet.sys [2006-12-5 24576]
    S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    UnknownUnknown shrqwjws;shrqwjws; [x]
    .
    =============== Created Last 30 ================
    .
    2012-03-09 04:59:37 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-09 03:59:43 41680 ----a-w- c:\windows\system32\drivers\eurvplnd.sys
    2012-03-09 03:39:57 256573 ----a-w- c:\documents and settings\all users\application data\1331263796.bdinstall.bin
    2012-03-09 03:38:22 -------- d-----w- c:\documents and settings\all users\application data\BDLogging
    2012-03-09 03:37:19 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2012-03-09 03:36:47 -------- d-----w- c:\documents and settings\eric\application data\Bitdefender
    2012-03-09 03:36:10 -------- d-----w- c:\documents and settings\all users\application data\Bitdefender
    2012-03-09 03:32:47 -------- d-----w- c:\documents and settings\eric\application data\QuickScan
    2012-03-09 03:31:43 -------- d-----w- c:\program files\Bitdefender
    2012-03-09 03:31:29 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-03-09 03:31:24 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-03-09 03:05:21 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-09 03:03:21 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2012-03-09 02:59:44 -------- d-----w- c:\program files\common files\Bitdefender
    2012-03-09 02:00:53 -------- d-s---w- C:\ComboFix
    2012-03-09 01:44:53 -------- d-----w- c:\program files\Panda Security
    2012-02-15 05:03:24 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 05:03:24 3072 ------w- c:\windows\system32\iacenc.dll
    .
    ==================== Find3M ====================
    .
    2012-03-09 03:47:31 16608 ----a-w- c:\windows\gdrv.sys
    2012-03-09 03:41:38 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-03-09 03:41:34 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-01-12 16:53:24 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-23 14:12:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-12-17 19:46:36 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46:36 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46:36 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22:58 385024 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 17:55:06.92 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/5/2008 1:03:00 PM
    System Uptime: 3/8/2012 8:40:21 PM (21 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | EP45-UD3P
    Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 293.081 GiB free.
    D: is CDROM ()
    E: is CDROM (CDFS)
    F: is FIXED (NTFS) - 596 GiB total, 6.754 GiB free.
    G: is FIXED (NTFS) - 932 GiB total, 79.283 GiB free.
    H: is FIXED (NTFS) - 466 GiB total, 12.852 GiB free.
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Unibrain 1394 FireNet Adapter
    Device ID: UB1394\UNIBRAIN&1394_PC\007C8EA200001FD0
    Manufacturer: Unibrain
    Name: Unibrain 1394 FireNet Adapter
    PNP Device ID: UB1394\UNIBRAIN&1394_PC\007C8EA200001FD0
    Service: UBFWNet
    .
    ==== System Restore Points ===================
    .
    RP455: 12/11/2011 9:43:57 AM - System Checkpoint
    RP456: 12/12/2011 6:17:02 PM - System Checkpoint
    RP457: 12/13/2011 7:11:58 PM - System Checkpoint
    RP458: 12/14/2011 7:23:58 PM - System Checkpoint
    RP459: 12/15/2011 8:11:58 PM - System Checkpoint
    RP460: 12/17/2011 8:08:01 AM - System Checkpoint
    RP461: 12/18/2011 8:26:31 AM - System Checkpoint
    RP462: 12/19/2011 10:47:37 AM - System Checkpoint
    RP463: 12/19/2011 12:00:16 PM - Software Distribution Service 3.0
    RP464: 12/20/2011 5:15:44 PM - System Checkpoint
    RP465: 12/21/2011 5:27:11 PM - System Checkpoint
    RP466: 12/22/2011 6:27:11 PM - System Checkpoint
    RP467: 12/23/2011 6:35:54 PM - System Checkpoint
    RP468: 12/24/2011 6:38:39 PM - System Checkpoint
    RP469: 12/25/2011 6:48:06 PM - System Checkpoint
    RP470: 12/27/2011 4:27:35 AM - System Checkpoint
    RP471: 12/28/2011 4:34:00 AM - System Checkpoint
    RP472: 12/29/2011 4:36:07 AM - System Checkpoint
    RP473: 12/30/2011 12:06:31 PM - System Checkpoint
    RP474: 12/31/2011 12:36:06 PM - System Checkpoint
    RP475: 1/1/2012 1:45:57 PM - System Checkpoint
    RP476: 1/2/2012 5:20:08 PM - System Checkpoint
    RP477: 1/2/2012 6:17:03 PM - Removed SpyHunter
    RP478: 1/2/2012 6:17:43 PM - Removed LogMeIn Hamachi
    RP479: 1/3/2012 7:27:56 PM - System Checkpoint
    RP480: 1/4/2012 11:39:32 PM - System Checkpoint
    RP481: 1/6/2012 10:23:01 PM - System Checkpoint
    RP482: 1/9/2012 12:00:21 PM - Software Distribution Service 3.0
    RP483: 1/10/2012 2:27:18 PM - System Checkpoint
    RP484: 1/11/2012 2:40:42 PM - System Checkpoint
    RP485: 1/12/2012 2:43:32 PM - System Checkpoint
    RP486: 1/13/2012 3:43:32 PM - System Checkpoint
    RP487: 1/14/2012 4:43:32 PM - System Checkpoint
    RP488: 1/16/2012 11:55:04 AM - System Checkpoint
    RP489: 1/16/2012 12:00:16 PM - Software Distribution Service 3.0
    RP490: 1/17/2012 5:08:59 PM - System Checkpoint
    RP491: 1/18/2012 10:28:47 PM - System Checkpoint
    RP492: 1/19/2012 10:51:10 PM - System Checkpoint
    RP493: 1/20/2012 11:26:19 PM - System Checkpoint
    RP494: 1/22/2012 12:27:43 AM - System Checkpoint
    RP495: 1/23/2012 8:59:28 AM - System Checkpoint
    RP496: 1/24/2012 9:22:21 AM - System Checkpoint
    RP497: 1/25/2012 9:22:27 AM - System Checkpoint
    RP498: 1/26/2012 9:44:26 AM - Avg8 Update
    RP499: 1/26/2012 9:45:36 AM - Avg8 Update
    RP500: 1/27/2012 11:31:05 AM - System Checkpoint
    RP501: 1/28/2012 12:16:32 PM - System Checkpoint
    RP502: 1/29/2012 1:00:45 PM - System Checkpoint
    RP503: 1/30/2012 12:00:17 PM - Software Distribution Service 3.0
    RP504: 1/31/2012 10:53:10 PM - System Checkpoint
    RP505: 2/1/2012 11:49:48 PM - System Checkpoint
    RP506: 2/3/2012 9:58:22 AM - System Checkpoint
    RP507: 2/4/2012 10:08:08 AM - System Checkpoint
    RP508: 2/5/2012 11:08:08 AM - System Checkpoint
    RP509: 2/6/2012 11:56:08 AM - System Checkpoint
    RP510: 2/7/2012 12:28:14 PM - System Checkpoint
    RP511: 2/8/2012 12:30:11 PM - System Checkpoint
    RP512: 2/10/2012 10:54:49 PM - System Checkpoint
    RP513: 2/12/2012 10:12:56 AM - System Checkpoint
    RP514: 2/13/2012 10:47:31 AM - System Checkpoint
    RP515: 2/14/2012 5:29:46 PM - System Checkpoint
    RP516: 2/15/2012 6:00:22 PM - System Checkpoint
    RP517: 2/16/2012 7:00:24 PM - System Checkpoint
    RP518: 2/17/2012 10:59:37 PM - System Checkpoint
    RP519: 2/18/2012 11:01:28 PM - System Checkpoint
    RP520: 2/20/2012 12:00:24 AM - System Checkpoint
    RP521: 2/20/2012 12:00:16 PM - Software Distribution Service 3.0
    RP522: 2/21/2012 9:13:29 PM - System Checkpoint
    RP523: 2/22/2012 10:39:42 PM - System Checkpoint
    RP524: 2/23/2012 11:17:37 PM - System Checkpoint
    RP525: 2/24/2012 11:18:42 PM - System Checkpoint
    RP526: 2/25/2012 11:52:36 PM - System Checkpoint
    RP527: 2/26/2012 7:50:06 AM - Removed Ask Toolbar.
    RP528: 2/27/2012 8:05:39 AM - System Checkpoint
    RP529: 2/28/2012 9:00:03 AM - System Checkpoint
    RP530: 2/29/2012 10:00:31 AM - System Checkpoint
    RP531: 3/1/2012 10:32:31 AM - System Checkpoint
    RP532: 3/2/2012 10:33:27 AM - System Checkpoint
    RP533: 3/3/2012 11:32:31 AM - System Checkpoint
    RP534: 3/4/2012 12:34:36 PM - System Checkpoint
    RP535: 3/5/2012 10:27:06 PM - System Checkpoint
    RP536: 3/7/2012 9:28:05 AM - System Checkpoint
    RP537: 3/8/2012 7:49:17 AM - Removed Command & Conquer 3.
    RP538: 3/8/2012 7:58:15 AM - Removed MorphVOX Junior
    RP539: 3/8/2012 8:06:49 AM - Removed Command & Conquer™ 4 Tiberian Twilight
    RP540: 3/8/2012 8:10:32 AM - Removed Command & Conquer™ Red Alert™ 3
    RP541: 3/8/2012 10:10:11 AM - Removed AVG Free 8.5
    RP542: 3/8/2012 6:44:52 PM - Installed Panda ActiveScan Cleaner
    RP543: 3/8/2012 7:04:12 PM - Installed Ad-Aware
    RP544: 3/8/2012 7:04:54 PM - Installed Ad-Aware
    RP545: 3/8/2012 7:09:01 PM - Configured Driver Detective
    RP546: 3/8/2012 8:05:21 PM - Software Distribution Service 3.0
    RP547: 3/8/2012 8:37:19 PM - Installed Windows XP Wdf01009.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Ad-Aware
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.5.0
    AIM 6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVI DVD Burner v5.6.0.186
    Belkin Setup and Router Monitor
    BioShock 2
    Bitdefender Total Security 2012
    Bonjour
    Browser Configuration Utility
    Call of Duty(R) 4 - Modern Warfare(TM)
    CCleaner
    Click to Call with Skype
    Crysis WARHEAD(R)
    DAEMON Tools Lite
    Dell Driver Download Manager
    DVD Flick 1.3.0.6
    Energy Saver Advance B8.0905.1
    Freelancer
    GameSpy Arcade
    Gigabyte Raid Configurer
    Google Earth
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    League of Legends
    LightScribe System Software 1.10.27.1
    Magic Online III
    Malwarebytes Anti-Malware version 1.60.1.1000
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Game Studios Common Redistributables Pack 1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft XML Parser
    Microsoft XNA Framework Redistributable 4.0
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSN
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    MTX
    Nero 8
    neroxml
    NVIDIA Control Panel 266.44
    NVIDIA Graphics Driver 266.44
    NVIDIA HD Audio Driver 1.1.13.1
    NVIDIA Install Application
    NVIDIA nView 135.50
    NVIDIA nView Desktop Manager
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.10.0514
    NX
    OpenOffice.org 3.1
    Panda ActiveScan Cleaner
    QuickTime
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    Realtek High Definition Audio Driver
    SecondLife (remove only)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2584146)
    Security Update for Windows XP (KB2585542)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2598479)
    Security Update for Windows XP (KB2603381)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2631813)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB2646524)
    Security Update for Windows XP (KB2660465)
    Security Update for Windows XP (KB2661637)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB963027)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969897)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972260)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165-v2)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 5.5
    SpeedSim
    Spelling Dictionaries Support For Adobe Reader 9
    StarCraft II
    Steam
    System Requirements Lab
    Terraria
    TinyBurn
    ubCorePro
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Windows Internet Explorer 8 (KB973874)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676-v2)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    Video DVD Maker v3.19.0.42
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VLC media player 0.9.2
    WebFldrs XP
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Format Runtime
    WinRAR archiver
    World of Warcraft
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2012 10:03:42 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    3/9/2012 10:03:13 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/8/2012 8:37:51 PM, error: ipnathlp [31012] - The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.
    3/8/2012 8:37:35 PM, error: Service Control Manager [7000] - The bdsandbox service failed to start due to the following error: The specified procedure could not be found.
    3/8/2012 7:50:14 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/8/2012 6:34:07 PM, error: ipnathlp [31008] - The DNS proxy agent was unable to read the local list of name-resolution servers from the registry. The data is the error code.
    3/7/2012 7:27:49 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/6/2012 12:28:32 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    3/6/2012 12:04:36 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/6/2012 12:02:08 PM, error: nv [108] - The driver nv4_disp for the display device \Device\Video0 got stuck in an infinite loop. This usually indicates a problem with the device itself or with the device driver programming the hardware incorrectly. Please check with your hardware device vendor for any driver updates.
    3/5/2012 11:57:50 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/5/2012 11:57:42 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/5/2012 11:57:21 AM, error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).
    .
    ==== End Of File ===========================



    *made a mistake on gmar saving so i am re running it*also it went to blue screen as it was being scanned once and the reboot was slow, is this a problem?
     
    Last edited: 2012/03/09
    AdmSirRed,
    #5
  7. 2012/03/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Let me know if it'll complete on second run.

    If you want to keep BitDefender you must uninstall Lavasoft Ad-Watch Live! Anti-Virus as well.
     
    broni,
    #6
  8. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-03-10 07:19:29
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD5001AALS-00L3B2 rev.01.03B01
    Running: qkdpkpz9.exe; Driver: C:\DOCUME~1\Eric\LOCALS~1\Temp\kwrcipog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwAllocateVirtualMemory [0xAA81DEC6]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwAssignProcessToJobObject [0xAA81E946]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwClose [0xAA8218F8]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwConnectPort [0xAA8201B4]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateFile [0xAA81F660]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateKey [0xAA8208AC]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateProcess [0xAA81EB9C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateProcessEx [0xAA81EC52]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateSection [0xAA81EF3A]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwCreateThread [0xAA81D836]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwDeviceIoControlFile [0xAA820A1C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwDuplicateObject [0xAA824D1C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwFsControlFile [0xAA820CD4]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwLoadDriver [0xAA81E33C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwMakeTemporaryObject [0xAA8216D0]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenFile [0xAA81F408]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenProcess [0xAA824774]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenSection [0xAA81ED0C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwOpenThread [0xAA824A24]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwProtectVirtualMemory [0xAA81DD4A]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwQueueApcThread [0xAA81EA6E]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwReplaceKey [0xAA82151E]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRequestPort [0xAA820322]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRequestWaitReplyPort [0xAA81FCB6]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwRestoreKey [0xAA8215A8]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSecureConnectPort [0xAA82073C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetContextThread [0xAA81D9A6]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetSecurityObject [0xAA821478]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSetSystemInformation [0xAA81E4E8]
    SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB8118BFE]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwShutdownSystem [0xAA82163A]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSuspendProcess [0xAA81DC22]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSuspendThread [0xAA81DAFC]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwSystemDebugControl [0xAA81E878]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwTerminateProcess [0xAA82466C]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwTerminateThread [0xAA824F0E]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwUnloadDriver [0xAA821766]
    SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2012\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender LLC) ZwWriteVirtualMemory [0xAA81D6BA]

    SYSENTER avc3.sys B7EC0000

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2C30 805044CC 4 Bytes JMP 98ECEF52
    .text ntkrnlpa.exe!ZwCallbackReturn + 2EB4 80504750 4 Bytes [6E, EA, 81, AA]
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FA4 80504840 4 Bytes CALL 98FACA29
    .text ntkrnlpa.exe!ZwCallbackReturn + 2FD8 80504874 12 Bytes [22, DC, 81, AA, FC, DA, 81, ...] {AND BL, AH; SUB DWORD [EDX-0x557e2504], 0xaa81e878}
    .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xAF5063A0, 0x5FCE32, 0xE8000020]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[456] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[456] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[456] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[456] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[456] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\svchost.exe[456] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[616] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[616] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[616] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[616] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\svchost.exe[616] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\spoolsv.exe[808] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\spoolsv.exe[808] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
     
    AdmSirRed,
    #7
  9. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\spoolsv.exe[808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\spoolsv.exe[808] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\spoolsv.exe[808] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\spoolsv.exe[808] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\spoolsv.exe[808] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\spoolsv.exe[808] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\spoolsv.exe[808] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\spoolsv.exe[808] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63001D19
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63001C89
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63002109
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 63002079
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63001F59
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63002B29
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63003039
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\Explorer.EXE[952] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002979
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 630022B9
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63001B69
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 63002229
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63001E39
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63002E89
    .text C:\WINDOWS\Explorer.EXE[952] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 63002199
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63003309
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 630027C9
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630023D9
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63002589
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63002349
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 630026A9
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63002739
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63002A09
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63002A99
    .text C:\WINDOWS\Explorer.EXE[952] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63002619
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63003279
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003159
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63003399
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 630030C9
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63001AD9
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63002C49
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 630031E9
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63002D69
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63001A49
    .text C:\WINDOWS\Explorer.EXE[952] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\Explorer.EXE[952] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63003429
    .text C:\WINDOWS\Explorer.EXE[952] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[1180] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[1180] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[1180] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006129
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1536] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
     
    AdmSirRed,
    #8
  10. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[1892] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[1892] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[1892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[1892] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[1892] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[1892] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[1892] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[1892] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[1892] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\svchost.exe[1892] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005EE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe[1916] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[2000] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[2000] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[2000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[2000] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[2000] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[2000] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[2000] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[2000] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[2000] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\svchost.exe[2000] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
     
    AdmSirRed,
    #9
  11. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\System32\svchost.exe[2040] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\System32\svchost.exe[2040] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\System32\svchost.exe[2040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\System32\svchost.exe[2040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\System32\svchost.exe[2040] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\System32\svchost.exe[2040] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\System32\svchost.exe[2040] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\System32\svchost.exe[2040] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\System32\svchost.exe[2040] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\System32\svchost.exe[2040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\RTHDCPL.EXE[2072] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\RTHDCPL.EXE[2072] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\RTHDCPL.EXE[2072] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\RTHDCPL.EXE[2072] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006099
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2116] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
     
    AdmSirRed,
    #10
  12. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63005E59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe[2124] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005EE9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63005E59
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63006009
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
     
    AdmSirRed,
    #11
  13. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Bonjour\mDNSResponder.exe[2328] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\iTunes\iTunesHelper.exe[2368] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\System32\alg.exe[2704] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\System32\alg.exe[2704] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\System32\alg.exe[2704] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\System32\alg.exe[2704] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\System32\alg.exe[2704] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005E59
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\System32\alg.exe[2704] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005F79
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\System32\alg.exe[2704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006009
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\System32\alg.exe[2704] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\System32\alg.exe[2704] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006099
    .text C:\WINDOWS\System32\alg.exe[2704] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005E59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
     
    AdmSirRed,
    #12
  14. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63005F79
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe[2864] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\ctfmon.exe[2928] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\ctfmon.exe[2928] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\ctfmon.exe[2928] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\ctfmon.exe[2928] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\ctfmon.exe[2928] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe[2936] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63005E59
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
     
    AdmSirRed,
    #13
  15. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63006009
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006099
    .text C:\Program Files\Java\jre6\bin\jqs.exe[3104] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[3148] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63005EE9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005E59
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63005F79
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
     
    AdmSirRed,
    #14
  16. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe[3276] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\system32\PnkBstrA.exe[3360] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63005F79
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006099
    .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[3384] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\svchost.exe[3428] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\svchost.exe[3428] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\svchost.exe[3428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
     
    AdmSirRed,
    #15
  17. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\svchost.exe[3428] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\system32\svchost.exe[3428] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\svchost.exe[3428] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\svchost.exe[3428] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\svchost.exe[3428] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\system32\svchost.exe[3428] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005E59
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\system32\wdfmgr.exe[3472] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtReadFile + 5 7C90D9D3 5 Bytes JMP 63005CA9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005D39
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005EE9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005E59
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005F79
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005DC9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
     
    AdmSirRed,
    #16
  18. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Documents and Settings\Eric\Desktop\qkdpkpz9.exe[3668] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63006009
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\Program Files\iPod\bin\iPodService.exe[3768] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtClose + 5 7C90CFF3 5 Bytes JMP 63005C19
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtCreateFile + 5 7C90D0B3 5 Bytes JMP 63002109
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtCreateProcess + 5 7C90D153 5 Bytes JMP 63002D69
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtCreateProcessEx + 5 7C90D163 5 Bytes JMP 63002DF9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtCreateThread + 5 7C90D1B3 5 Bytes JMP 63002CD9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtDuplicateObject + 5 7C90D2A3 5 Bytes JMP 63003159
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtMapViewOfSection + 5 7C90D523 5 Bytes JMP 630016E9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtOpenProcess + 5 7C90D603 5 Bytes JMP 63003039
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtQueueApcThread + 5 7C90D9A3 5 Bytes JMP 630030C9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtRaiseHardError + 5 7C90D9C3 5 Bytes JMP 630043E9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtSetContextThread + 5 7C90DBB3 5 Bytes JMP 63002FA9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtSetInformationProcess + 5 7C90DCA3 5 Bytes JMP 63005709
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtSetValueKey + 5 7C90DDD3 5 Bytes JMP 630024F9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtTerminateProcess + 5 7C90DE73 5 Bytes JMP 63005679
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtUnmapViewOfSection + 5 7C90DF13 5 Bytes JMP 63001779
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtVdmControl + 5 7C90DF23 5 Bytes JMP 63005CA9
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!NtWriteVirtualMemory + 5 7C90DFB3 5 Bytes JMP 63002F19
    .text C:\WINDOWS\System32\svchost.exe[3956] ntdll.dll!RtlCreateProcessParameters 7C92188B 5 Bytes JMP 63002199
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetSystemTimeAsFileTime 7C8017E9 5 Bytes JMP 63001D19
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 63002859
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 63005829
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 63005799
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 63002739
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 63002079
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 63001FE9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 63003279
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 63002979
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!SleepEx 7C8023A0 5 Bytes JMP 63002469
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!Sleep 7C802446 5 Bytes JMP 63002619
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CloseHandle 7C809BE7 5 Bytes JMP 63003789
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!QueryPerformanceCounter 7C80A4C7 5 Bytes JMP 63001DA9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!FreeLibrary 7C80AC7E 5 Bytes JMP 630058B9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 630026A9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 63001BF9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 63001C89
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateMutexW 7C80E957 5 Bytes JMP 630036F9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!OpenMutexW 7C80EA35 5 Bytes JMP 63003669
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 63002BB9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 630031E9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 63002E89
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!ExitProcess 7C81CB12 5 Bytes JMP 63002589
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 630019B9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CopyFileExW 7C827B32 5 Bytes JMP 63001809
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 630028E9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!Process32NextW 7C865027 5 Bytes JMP 63005B89
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!CreateToolhelp32Snapshot 7C865C7F 5 Bytes JMP 630027C9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!ReadConsoleA 7C872B5D 5 Bytes JMP 630042C9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!ReadConsoleW 7C872BAC 5 Bytes JMP 63004359
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!ReadConsoleInputA 7C874613 5 Bytes JMP 630041A9
    .text C:\WINDOWS\System32\svchost.exe[3956] KERNEL32.dll!ReadConsoleInputW 7C874636 5 Bytes JMP 63004239
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!RegQueryValueExW + 10C 77DD710B 5 Bytes JMP 63005E59
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 5 Bytes JMP 63003C99
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 630038A9
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!ControlService 77DF4A09 5 Bytes JMP 63003A59
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 63003819
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 63003B79
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 63003C09
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 63003E49
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 63003ED9
    .text C:\WINDOWS\System32\svchost.exe[3956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 63003AE9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!PostMessageW 7E418CCB 5 Bytes JMP 63005DC9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!GetMessageW 7E4191C6 5 Bytes JMP 63003FF9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!PeekMessageW 7E41929B 5 Bytes JMP 63004119
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!UserClientDllInitialize 7E41B217 5 Bytes JMP 63005EE9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!FindWindowExW 7E41E0E3 5 Bytes JMP 63005AF9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!DialogBoxIndirectParamAorW 7E4249D0 5 Bytes JMP 63005289
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!CreateDialogIndirectParamAorW 7E42680B 5 Bytes JMP 630051F9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!GetMessageA 7E42772B 5 Bytes JMP 63003F69
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 63002B29
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!FindWindowA 7E4282E1 5 Bytes JMP 63005949
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!SetWindowTextW 7E42960E 5 Bytes JMP 630054C9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!PeekMessageA 7E42A340 5 Bytes JMP 63004089
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!PostMessageA 7E42AAFD 5 Bytes JMP 63005D39
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!ShowWindow 7E42AF56 5 Bytes JMP 63005169
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 63004509
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!FindWindowW 7E42C9C3 5 Bytes JMP 63005A69
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 63005049
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 63004599
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!CreateWindowExA 7E42E4A9 5 Bytes JMP 630050D9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!SetWindowTextA 7E42F56B 5 Bytes JMP 63005439
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 63002A99
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!FindWindowExA 7E43214A 5 Bytes JMP 630059D9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 630053A9
    .text C:\WINDOWS\System32\svchost.exe[3956] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 63005319
    .text C:\WINDOWS\System32\svchost.exe[3956] msvcrt.dll!__p__environ 77C1F1C5 5 Bytes JMP 63001E39
    .text C:\WINDOWS\System32\svchost.exe[3956] msvcrt.dll!__p__fmode 77C1F1DB 5 Bytes JMP 63001EC9
    .text C:\WINDOWS\System32\svchost.exe[3956] msvcrt.dll!__p__winver + B 77C1F2A1 5 Bytes JMP 63005F79
    .text C:\WINDOWS\System32\svchost.exe[3956] SHELL32.dll!StrStrW 7C9E7496 5 Bytes JMP 63006009
    .text C:\WINDOWS\System32\svchost.exe[3956] SHELL32.dll!Shell_NotifyIconW 7CA2A537 5 Bytes JMP 63004629
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!WEP 71AB1273 5 Bytes JMP 63006099
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!GetAddrInfoW 71AB2899 5 Bytes JMP 63004F29
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 630055E9
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!WSASocketW 71AB404E 5 Bytes JMP 63005559
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 63003DB9
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!send 71AB4C27 5 Bytes JMP 630022B9
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 63004FB9
    .text C:\WINDOWS\System32\svchost.exe[3956] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 63002349

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

    Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (FireAPI® 1394 Class Driver (2003)/Unibrain S.A.)

    AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)

    Device \Driver\ubohci \Device\C1394 UB1394.SYS (FireAPI® 1394 Class Driver (2003)/Unibrain S.A.)

    AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----




    And That is the entire gmer file. i hope i did this right it seems like a lot of posts. I also removed the lavasoft antivirus like you suggested
     
    AdmSirRed,
    #17
  19. 2012/03/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results ".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results ". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion ", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
    broni,
    #18
  20. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    ComboFix 12-03-10.02 - Eric 03/10/2012 18:22:50.4.4 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3454.2513 [GMT -7:00]
    Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *Enabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\docume~1\Eric\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
    c:\documents and settings\Eric\Local Settings\temp\1.tmp\F_IN_BOX.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-09 04:59 . 2011-12-10 22:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-09 03:53 . 2012-03-09 03:53 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\QuickScan
    2012-03-09 03:39 . 2012-03-09 03:39 256573 ----a-w- c:\documents and settings\All Users\Application Data\1331263796.bdinstall.bin
    2012-03-09 03:38 . 2012-03-09 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\BDLogging
    2012-03-09 03:37 . 2008-11-08 01:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2012-03-09 03:36 . 2012-03-09 03:40 -------- d-----w- c:\documents and settings\Eric\Application Data\Bitdefender
    2012-03-09 03:36 . 2012-03-09 03:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Bitdefender
    2012-03-09 03:32 . 2012-03-09 03:32 -------- d-----w- c:\documents and settings\Eric\Application Data\QuickScan
    2012-03-09 03:31 . 2012-03-09 03:33 -------- d-----w- c:\program files\Bitdefender
    2012-03-09 03:31 . 2011-08-16 20:59 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
    2012-03-09 03:31 . 2011-10-27 21:07 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
    2012-03-09 03:05 . 2012-01-31 12:44 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-03-09 02:59 . 2012-03-09 03:31 -------- d-----w- c:\program files\Common Files\Bitdefender
    2012-03-09 01:44 . 2012-03-09 01:44 -------- d-----w- c:\program files\Panda Security
    2012-02-15 05:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
    2012-02-15 05:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-11 01:38 . 2008-01-01 06:16 16608 ----a-w- c:\windows\gdrv.sys
    2012-03-10 01:42 . 2008-04-14 12:00 26112 ----a-w- c:\windows\system32\userinit.exe
    2012-03-09 03:41 . 2012-01-19 00:15 609984 ----a-w- c:\windows\system32\drivers\avc3.sys
    2012-03-09 03:41 . 2012-01-19 00:15 447208 ----a-w- c:\windows\system32\drivers\avckf.sys
    2012-01-12 16:53 . 2008-04-14 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
    2011-12-17 19:46 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-12-17 19:46 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-12-17 19:46 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-12-16 12:22 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-17 16:54 . 2012-01-25 00:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-12-11_15.01.56 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-09 19:04 . 2012-01-09 19:04 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    - 2011-08-15 18:19 . 2011-08-15 18:19 21880 c:\windows\WinSxS\MSIL_Microsoft.Workflow.Compiler_31bf3856ad364e35_4.0.0.0_x-ww_97359ba5\Microsoft.Workflow.Compiler.exe
    + 2012-03-11 01:40 . 2012-03-11 01:40 16384 c:\windows\Temp\Perflib_Perfdata_f58.dat
    + 2012-03-11 01:38 . 2012-03-11 01:38 16384 c:\windows\Temp\Perflib_Perfdata_2a4.dat
    + 2011-02-20 06:03 . 2011-02-20 06:03 51024 c:\windows\system32\vcomp100.dll
    - 2008-04-14 12:00 . 2011-07-08 13:49 46080 c:\windows\system32\tzchange.exe
    + 2008-04-14 12:00 . 2011-11-08 13:46 46080 c:\windows\system32\tzchange.exe
    + 2008-12-06 07:21 . 2008-11-08 01:55 26144 c:\windows\system32\spupdsvc.exe
    - 2008-12-06 07:21 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
    + 2011-12-31 16:25 . 2011-05-10 14:06 42496 c:\windows\system32\ReinstallBackups\0025\DriverFiles\usbaapl.sys
    + 2008-04-14 12:00 . 2012-03-10 15:03 86810 c:\windows\system32\perfc009.dat
    - 2008-04-14 12:00 . 2011-12-11 15:05 86810 c:\windows\system32\perfc009.dat
    + 2008-04-14 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\packager.exe
    + 2008-04-14 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\mshtmled.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\mshtmled.dll
    + 2009-03-08 09:31 . 2011-12-17 19:46 55296 c:\windows\system32\msfeedsbs.dll
    - 2009-03-08 09:31 . 2011-08-22 23:48 55296 c:\windows\system32\msfeedsbs.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 81744 c:\windows\system32\mfcm100u.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 81744 c:\windows\system32\mfcm100.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 60752 c:\windows\system32\mfc100rus.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 43344 c:\windows\system32\mfc100kor.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 43856 c:\windows\system32\mfc100jpn.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 62288 c:\windows\system32\mfc100ita.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 64336 c:\windows\system32\mfc100fra.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 63824 c:\windows\system32\mfc100esn.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 55120 c:\windows\system32\mfc100enu.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 64336 c:\windows\system32\mfc100deu.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 36176 c:\windows\system32\mfc100cht.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 36176 c:\windows\system32\mfc100chs.dll
    + 2008-04-14 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 23040 c:\windows\system32\mciseq.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\jsproxy.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\jsproxy.dll
    - 2011-08-13 04:02 . 2009-03-18 23:35 26176 c:\windows\system32\hamachi.sys
    + 2011-08-13 04:02 . 2009-03-19 00:35 26176 c:\windows\system32\hamachi.sys
    + 2011-12-31 16:24 . 2011-05-10 14:06 42496 c:\windows\system32\DRVSTORE\usbaapl_091115F4EDEB41DBA0EC91574CE905B4E0482482\usbaapl.sys
    + 2011-12-31 16:25 . 2011-05-10 14:06 18432 c:\windows\system32\DRVSTORE\netaapl_63AA05C4700EB9CAF2D048DAC1D06D764A0D4C41\netaapl.sys
    + 2009-07-14 17:35 . 2009-07-14 17:35 37608 c:\windows\system32\drivers\wdfldr.sys
    + 2010-01-20 01:32 . 2010-01-20 01:32 85128 c:\windows\system32\drivers\bdvedisk.sys
    + 2011-11-17 23:38 . 2011-11-17 23:38 63056 c:\windows\system32\drivers\bdsandbox.sys
    - 2011-07-12 17:20 . 2011-07-12 17:20 73064 c:\windows\system32\dnssd.dll
    + 2011-08-31 06:05 . 2011-08-31 06:05 73064 c:\windows\system32\dnssd.dll
    + 2011-08-31 06:05 . 2011-08-31 06:05 83816 c:\windows\system32\dns-sd.exe
    - 2011-07-12 17:20 . 2011-07-12 17:20 83816 c:\windows\system32\dns-sd.exe
    + 2009-10-02 15:20 . 2011-12-17 19:46 12800 c:\windows\system32\dllcache\xpshims.dll
    - 2009-10-02 15:20 . 2011-08-22 23:48 12800 c:\windows\system32\dllcache\xpshims.dll
    + 2008-04-14 12:00 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
    - 2008-04-14 12:00 . 2011-08-22 23:48 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 66560 c:\windows\system32\dllcache\mshtmled.dll
    + 2009-10-02 15:20 . 2011-12-17 19:46 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2009-10-02 15:20 . 2011-08-22 23:48 55296 c:\windows\system32\dllcache\msfeedsbs.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2008-04-14 12:00 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 43520 c:\windows\system32\dllcache\licmgr10.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 25600 c:\windows\system32\dllcache\jsproxy.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 25600 c:\windows\system32\dllcache\jsproxy.dll
    - 2008-04-14 12:00 . 2011-04-26 11:07 33280 c:\windows\system32\dllcache\csrsrv.dll
    + 2008-04-14 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\dllcache\csrsrv.dll
    - 2008-04-14 12:00 . 2011-04-26 11:07 33280 c:\windows\system32\csrsrv.dll
    + 2008-04-14 12:00 . 2011-10-28 05:31 33280 c:\windows\system32\csrsrv.dll
    + 2011-03-22 00:04 . 2012-03-11 01:38 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2011-03-22 00:04 . 2011-11-15 11:19 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2008-12-05 20:17 . 2012-03-11 01:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2008-12-05 20:17 . 2011-11-15 11:19 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2011-03-22 00:04 . 2011-11-15 11:19 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-02-06 22:45 . 2012-03-11 01:38 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-12-26 10:54 . 2011-12-26 10:54 15120 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
    + 2011-12-26 10:54 . 2011-12-26 10:54 33552 c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
    + 2011-12-25 10:49 . 2011-12-25 10:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    + 2012-01-09 19:04 . 2012-01-09 19:04 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    - 2011-08-15 18:20 . 2011-08-15 18:20 97624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 87408 c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 93024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 35688 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
    - 2011-08-15 18:20 . 2011-08-15 18:20 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 29544 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 17784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 58240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 70040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 24928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 81272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 33144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 93576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 44920 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 24944 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 28024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 12168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 37240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 95592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 64352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 86888 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 51032 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 50552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 81784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 81800 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 39784 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 68952 c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
    + 2012-01-09 19:04 . 2012-01-09 19:04 21880 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
    + 2012-02-20 19:02 . 2012-02-20 19:02 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 12128 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 40304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 97680 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 67968 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 17240 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 78168 c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 81248 c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-02-01 23:21 . 2012-02-01 23:21 22016 c:\windows\Installer\478f22a.msi
    - 2010-06-04 09:00 . 2011-10-12 15:42 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2010-06-04 09:00 . 2012-02-20 19:05 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
    + 2012-03-09 03:37 . 2012-03-09 03:37 57344 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\texticon.exe
    + 2012-03-09 03:37 . 2012-03-09 03:37 32768 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\maintenance_icon.exe
    + 2012-03-09 03:37 . 2012-03-09 03:37 61440 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\helpicon.exe
    + 2012-03-09 03:37 . 2012-03-09 03:37 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_BF37A48D76EC3F9C577DE8.exe
    + 2012-03-09 03:37 . 2012-03-09 03:37 60558 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\_456E133B1AB6B4767C6ED0.exe
    + 2012-03-09 01:45 . 2012-03-09 01:45 23558 c:\windows\Installer\{29778A23-2B6D-46E8-82C6-5B2484033344}\_E154F4B55A9DF9C4508552.exe
    + 2012-03-09 01:45 . 2012-03-09 01:45 23558 c:\windows\Installer\{29778A23-2B6D-46E8-82C6-5B2484033344}\_7F3468D3F5831540FCCE2A.exe
    + 2012-03-09 01:45 . 2012-03-09 01:45 23558 c:\windows\Installer\{29778A23-2B6D-46E8-82C6-5B2484033344}\_6FEFF9B68218417F98F549.exe
    + 2012-02-20 19:06 . 2011-11-04 19:20 12800 c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 66560 c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 55296 c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 43520 c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 25600 c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
    + 2011-12-19 19:05 . 2011-08-22 23:48 12800 c:\windows\ie8updates\KB2618444-IE8\xpshims.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 66560 c:\windows\ie8updates\KB2618444-IE8\mshtmled.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 55296 c:\windows\ie8updates\KB2618444-IE8\msfeedsbs.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 43520 c:\windows\ie8updates\KB2618444-IE8\licmgr10.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 25600 c:\windows\ie8updates\KB2618444-IE8\jsproxy.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\4cfa0d99fd3e867fc223f2f2ec5bbd02\System.Xaml.Hosting.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\604691fa729c36593aa141b07addb1da\System.Windows.Presentation.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\424e8ca4d7f4801c44945180bbe46ca4\System.Web.DynamicData.Design.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 71680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Applicat#\df5e961346901ef1662daac2708f3888\System.Web.ApplicationServices.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\ce55cdba82e9103fc891b17d90f5a38f\System.ServiceModel.Channels.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 37888 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Workflow.#\296f7d103134885dd98e7664faef0915\Microsoft.Workflow.Compiler.ni.exe
    + 2012-02-20 19:19 . 2012-02-20 19:19 37888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
    + 2012-02-20 19:18 . 2012-02-20 19:18 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-02-20 19:14 . 2012-02-20 19:14 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
    + 2012-02-20 19:14 . 2012-02-20 19:14 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 55296 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 73728 c:\windows\assembly\NativeImages_v2.0.50727_32\DriversHQ.DriverDet#\73fd69271a76e25c0af8ca08cd16e00c\DriversHQ.DriverDetective.ExceptionLogging.ni.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2012-01-03 01:16 . 2012-01-03 01:16 27499 c:\windows\1C7CC8E2CFCF41E6A8637C7A45CE8A78.TMP\WiseCustomCall.dll
    - 2009-03-29 23:14 . 2011-12-08 14:42 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    + 2009-03-29 23:14 . 2012-03-08 16:00 20480 c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
    + 2009-08-05 21:03 . 2012-03-08 16:00 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    - 2009-08-05 21:03 . 2011-12-08 14:42 49152 c:\windows\.jagex_cache_32\runescape\jagmisc.dll
    + 2009-08-05 21:03 . 2012-03-08 16:00 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2009-08-05 21:03 . 2011-12-08 14:42 96256 c:\windows\.jagex_cache_32\runescape\jaggl.dll
    - 2011-03-05 19:18 . 2011-12-08 14:42 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    + 2011-03-05 19:18 . 2012-03-08 16:00 80896 c:\windows\.jagex_cache_32\runescape\jagdx.dll
    + 2011-03-05 19:18 . 2012-03-08 16:00 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    - 2011-03-05 19:18 . 2011-12-08 14:42 81920 c:\windows\.jagex_cache_32\runescape\hw3d.dll
    + 2011-12-19 19:01 . 2011-07-08 13:49 46080 c:\windows\$NtUninstallKB2633952$\tzchange.exe
    + 2011-12-19 19:01 . 2011-11-08 14:58 16896 c:\windows\$NtUninstallKB2633952$\spuninst\tzchange.dll
    + 2011-12-19 19:01 . 2011-04-26 11:07 33280 c:\windows\$NtUninstallKB2620712$\csrsrv.dll
    + 2012-01-16 19:01 . 2008-04-14 12:00 23040 c:\windows\$NtUninstallKB2598479$\mciseq.dll
    + 2012-01-16 19:01 . 2008-04-14 12:00 58368 c:\windows\$NtUninstallKB2584146$\packager.exe
    + 2012-01-16 19:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2646524\update\spcustom.dll
    + 2012-01-16 19:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2646524\spmsg.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2639417\update\spcustom.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2639417\spmsg.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2633171\update\spcustom.dll
    + 2011-12-15 18:41 . 2011-10-26 10:50 16896 c:\windows\$hf_mig$\KB2633171\update\mpsyschk.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2633171\spmsg.dll
    + 2012-01-16 19:04 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2631813\update\spcustom.dll
    + 2012-01-16 19:04 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2631813\spmsg.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2624667\update\spcustom.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2624667\spmsg.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2620712\update\spcustom.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2620712\spmsg.dll
    + 2011-10-28 05:31 . 2011-10-28 05:31 33280 c:\windows\$hf_mig$\KB2620712\SP3QFE\csrsrv.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2619339\update\spcustom.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2619339\spmsg.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618451\update\spcustom.dll
    + 2011-12-19 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618451\spmsg.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2618444-IE8\update\spcustom.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2618444-IE8\spmsg.dll
    + 2011-12-15 18:41 . 2011-11-04 19:19 12800 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\xpshims.dll
     
    AdmSirRed,
    #19
  21. 2012/03/10
    AdmSirRed

    AdmSirRed Inactive Thread Starter

    Joined:
    2008/03/05
    Messages:
    96
    Likes Received:
    0
    + 2011-12-15 18:41 . 2011-11-04 19:19 66560 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtmled.dll
    + 2011-12-15 18:41 . 2011-11-04 19:19 55296 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\msfeedsbs.dll
    + 2011-12-15 18:41 . 2011-11-04 19:19 43520 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\licmgr10.dll
    + 2011-12-15 18:41 . 2011-11-04 19:19 25600 c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\jsproxy.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2603381\update\spcustom.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2603381\spmsg.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2598479\update\spcustom.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2598479\spmsg.dll
    + 2011-10-14 14:45 . 2011-10-14 14:45 23040 c:\windows\$hf_mig$\KB2598479\SP3QFE\mciseq.dll
    + 2012-01-30 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2585542\update\spcustom.dll
    + 2012-01-30 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2585542\spmsg.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 26488 c:\windows\$hf_mig$\KB2584146\update\spcustom.dll
    + 2012-01-16 19:01 . 2010-07-05 13:15 17272 c:\windows\$hf_mig$\KB2584146\spmsg.dll
    + 2011-11-18 12:41 . 2011-11-18 12:41 60416 c:\windows\$hf_mig$\KB2584146\SP3QFE\packager.exe
    - 2011-10-12 15:40 . 2011-10-12 15:40 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2011-10-12 15:40 . 2011-10-12 15:40 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2012-01-11 10:30 . 2011-11-03 18:17 4608 c:\windows\$hf_mig$\KB2603381\update\customaddreg.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 109568 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 246128 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492\System.EnterpriseServices.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2011-10-12 15:41 . 2011-10-12 15:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2009-07-12 07:02 . 2009-07-12 07:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    - 2009-07-12 06:02 . 2009-07-12 06:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
    + 2008-04-14 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\winsrv.dll
    - 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\winsrv.dll
    + 2008-04-14 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 176128 c:\windows\system32\winmm.dll
    - 2008-04-14 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
    + 2008-04-14 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\winhttp.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\url.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\url.dll
    + 2008-04-14 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\schannel.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 386048 c:\windows\system32\qdvd.dll
    + 2008-04-14 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\qdvd.dll
    - 2008-04-14 12:00 . 2011-12-11 15:05 503600 c:\windows\system32\perfh009.dat
    + 2008-04-14 12:00 . 2012-03-10 15:03 503600 c:\windows\system32\perfh009.dat
    - 2008-04-14 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\occache.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\occache.dll
    + 2011-02-19 07:40 . 2011-02-19 07:40 773968 c:\windows\system32\msvcr100.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 421200 c:\windows\system32\msvcp100.dll
    - 2010-03-18 15:15 . 2010-03-18 15:15 421200 c:\windows\system32\msvcp100.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\mstime.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\mstime.dll
    - 2009-03-08 09:32 . 2011-08-22 23:48 602112 c:\windows\system32\msfeeds.dll
    + 2009-03-08 09:32 . 2011-12-17 19:46 602112 c:\windows\system32\msfeeds.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\iepeers.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\iepeers.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\iedkcs32.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\iedkcs32.dll
    + 2008-04-14 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\ie4uinit.exe
    - 2008-04-14 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\ie4uinit.exe
    + 2008-12-05 13:47 . 2012-02-20 20:34 116560 c:\windows\system32\FNTCACHE.DAT
    - 2008-12-05 13:47 . 2011-10-13 15:53 116560 c:\windows\system32\FNTCACHE.DAT
    + 2008-04-14 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\encdec.dll
    - 2008-04-14 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\encdec.dll
    + 2009-07-14 17:35 . 2009-07-14 17:35 444136 c:\windows\system32\drivers\wdf01000.sys
    + 2011-11-15 02:16 . 2011-11-15 02:16 113616 c:\windows\system32\drivers\bdfndisf.sys
    + 2011-11-25 20:59 . 2011-11-25 20:59 240184 c:\windows\system32\drivers\avchv.sys
    + 2011-08-31 06:05 . 2011-08-31 06:05 178536 c:\windows\system32\dnssdX.dll
    - 2011-07-12 17:20 . 2011-07-12 17:20 178536 c:\windows\system32\dnssdX.dll
    - 2008-04-14 12:00 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2008-04-14 12:00 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 176128 c:\windows\system32\dllcache\winmm.dll
    + 2008-04-14 12:00 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 916992 c:\windows\system32\dllcache\wininet.dll
    - 2008-04-14 12:00 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
    + 2008-04-14 12:00 . 2011-11-16 14:21 354816 c:\windows\system32\dllcache\winhttp.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 105984 c:\windows\system32\dllcache\url.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 105984 c:\windows\system32\dllcache\url.dll
    + 2008-04-14 12:00 . 2011-11-16 14:21 152064 c:\windows\system32\dllcache\schannel.dll
    + 2008-04-14 12:00 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
    - 2008-04-14 12:00 . 2008-04-14 12:00 386048 c:\windows\system32\dllcache\qdvd.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 206848 c:\windows\system32\dllcache\occache.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 206848 c:\windows\system32\dllcache\occache.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 611840 c:\windows\system32\dllcache\mstime.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 611840 c:\windows\system32\dllcache\mstime.dll
    - 2009-10-02 15:20 . 2011-08-22 23:48 602112 c:\windows\system32\dllcache\msfeeds.dll
    + 2009-10-02 15:20 . 2011-12-17 19:46 602112 c:\windows\system32\dllcache\msfeeds.dll
    - 2009-10-02 15:20 . 2011-08-22 23:48 247808 c:\windows\system32\dllcache\ieproxy.dll
    + 2009-10-02 15:20 . 2011-12-17 19:46 247808 c:\windows\system32\dllcache\ieproxy.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 184320 c:\windows\system32\dllcache\iepeers.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 184320 c:\windows\system32\dllcache\iepeers.dll
    - 2010-06-11 18:21 . 2011-08-22 23:48 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2010-06-11 18:21 . 2011-12-17 19:46 743424 c:\windows\system32\dllcache\iedvtool.dll
    + 2008-04-14 12:00 . 2011-12-17 19:46 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-04-14 12:00 . 2011-08-22 23:48 387584 c:\windows\system32\dllcache\iedkcs32.dll
    - 2008-04-14 12:00 . 2011-08-22 11:56 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-04-14 12:00 . 2011-12-16 12:23 174080 c:\windows\system32\dllcache\ie4uinit.exe
    + 2008-04-14 12:00 . 2011-10-18 11:13 186880 c:\windows\system32\dllcache\encdec.dll
    - 2008-04-14 12:00 . 2011-02-09 13:53 186880 c:\windows\system32\dllcache\encdec.dll
    + 2007-04-11 17:11 . 2007-04-11 17:11 511328 c:\windows\system32\capicom.dll
    + 2011-02-20 06:03 . 2011-02-20 06:03 138056 c:\windows\system32\atl100.dll
    + 2011-12-26 10:54 . 2011-12-26 10:54 496400 c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine4.dll
    + 2011-12-26 11:39 . 2011-12-26 11:39 192792 c:\windows\Microsoft.NET\Framework\v4.0.30319\ServiceModelReg.exe
    + 2011-12-25 10:49 . 2011-12-25 10:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 350592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClientsideProviders\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClientsideProviders.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 163168 c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationClient\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationClient.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 138592 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Linq.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 699224 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml\v4.0_4.0.0.0__b77a5c561934e089\System.Xaml.dll
    - 2011-08-15 18:20 . 2011-08-15 18:20 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 431984 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.WorkflowServices\v4.0_4.0.0.0__31bf3856ad364e35\System.WorkflowServices.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    - 2011-08-15 18:20 . 2011-08-15 18:20 511344 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Workflow.Runtime\v4.0_4.0.0.0__31bf3856ad364e35\System.Workflow.Runtime.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 857960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Services\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 826208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Mobile\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 321912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 137568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 132464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Web.Entity.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 237928 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 675672 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Speech\v4.0_4.0.0.0__31bf3856ad364e35\System.Speech.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 113512 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 316272 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Web\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Web.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 129912 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Routing.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 390008 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Discovery\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Discovery.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 505208 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activities\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activities.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 170872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Activation\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Activation.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 261472 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 122264 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 291184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 349568 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Runtime.DurableInstancing.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 231760 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Net\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Net.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 253280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Messaging\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 378720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 134528 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Instrumentation\v4.0_4.0.0.0__b77a5c561934e089\System.Management.Instrumentation.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 123736 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Log\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.IO.Log.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 392552 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 125816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel.Selectors\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 120152 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 607064 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 395120 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 182144 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.Protocols\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 285072 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices.AccountManagement\v4.0_4.0.0.0__b77a5c561934e089\System.DirectoryServices.AccountManagement.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 829280 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Deployment\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 747360 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.SqlXml\v4.0_4.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 683368 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 178040 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Design.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 436600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Services.Client\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Services.Client.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 683872 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Linq\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Linq.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 804720 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.Entity.Design\v4.0_4.0.0.0__b77a5c561934e089\System.Data.Entity.Design.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 409448 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 210816 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.Composition\v4.0_4.0.0.0__b77a5c561934e089\System.ComponentModel.Composition.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 149848 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn\v4.0_4.0.0.0__b77a5c561934e089\System.AddIn.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 122248 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.DurableInstancing\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.DurableInstancing.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 525704 c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Activities.Core.Presentation\v4.0_4.0.0.0__31bf3856ad364e35\System.Activities.Core.Presentation.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 112976 c:\windows\Microsoft.NET\assembly\GAC_MSIL\sysglobl\v4.0_4.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 581464 c:\windows\Microsoft.NET\assembly\GAC_MSIL\ReachFramework\v4.0_4.0.0.0__31bf3856ad364e35\ReachFramework.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 832856 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationUI\v4.0_4.0.0.0__31bf3856ad364e35\PresentationUI.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 194424 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Royale\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Royale.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 478576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Luna\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Luna.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 167288 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Classic\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Classic.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 232304 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationFramework.Aero\v4.0_4.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    - 2011-08-15 18:20 . 2011-08-15 18:20 587624 c:\windows\Microsoft.NET\assembly\GAC_MSIL\PresentationBuildTasks\v4.0_4.0.0.0__31bf3856ad364e35\PresentationBuildTasks.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 661352 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 349576 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 387960 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Transactions.Bridge\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 746336 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.JScript\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-10-12 15:31 . 2011-10-12 15:31 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 505184 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 220024 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Utilities.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.v4.0.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 107376 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Framework\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 714600 c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Engine\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 498520 c:\windows\Microsoft.NET\assembly\GAC_MSIL\AspNetMMCExt\v4.0_4.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 269672 c:\windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 334688 c:\windows\Microsoft.NET\assembly\GAC_32\System.Printing\v4.0_4.0.0.0__31bf3856ad364e35\System.Printing.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 109568 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:02 . 2012-02-20 19:02 246128 c:\windows\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2012-01-09 19:04 . 2012-01-09 19:04 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2011-08-15 18:19 . 2011-08-15 18:19 495984 c:\windows\Microsoft.NET\assembly\GAC_32\System.Data.OracleClient\v4.0_4.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    - 2011-10-12 15:32 . 2011-10-12 15:32 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 170368 c:\windows\Microsoft.NET\assembly\GAC_32\Microsoft.Transactions.Bridge.Dtc\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Transactions.Bridge.Dtc.dll
    + 2012-03-09 03:34 . 2012-03-09 03:34 160768 c:\windows\Installer\cdcc2.msi
    + 2011-12-25 12:40 . 2011-12-25 12:40 819200 c:\windows\Installer\22a4f77c.msp
    + 2012-03-09 03:02 . 2012-03-09 03:02 301056 c:\windows\Installer\1efac6d.msi
    + 2012-03-09 01:45 . 2012-03-09 01:45 191488 c:\windows\Installer\1a83137.msi
    + 2012-01-25 00:36 . 2012-01-25 00:36 380928 c:\windows\Installer\{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}\iTunesIco.exe
    + 2012-03-09 03:37 . 2012-03-09 03:37 156374 c:\windows\Installer\{2AB9289D-6432-4CC0-8869-A195C3F0CFCC}\register_icon.exe
    + 2012-02-20 19:06 . 2011-11-04 19:20 916992 c:\windows\ie8updates\KB2647516-IE8\wininet.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 105984 c:\windows\ie8updates\KB2647516-IE8\url.dll
    + 2012-02-20 19:06 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
    + 2012-02-20 19:06 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
    + 2012-02-20 19:06 . 2011-11-04 19:20 206848 c:\windows\ie8updates\KB2647516-IE8\occache.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 611840 c:\windows\ie8updates\KB2647516-IE8\mstime.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 602112 c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 247808 c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 184320 c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 743424 c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
    + 2012-02-20 19:06 . 2011-11-04 19:20 387584 c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
    + 2012-02-20 19:06 . 2011-11-04 11:24 174080 c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
    + 2011-12-19 19:04 . 2011-08-22 23:48 916480 c:\windows\ie8updates\KB2618444-IE8\wininet.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 105984 c:\windows\ie8updates\KB2618444-IE8\url.dll
    + 2011-12-19 19:05 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2618444-IE8\spuninst\updspapi.dll
    + 2011-12-19 19:05 . 2010-07-05 13:15 231288 c:\windows\ie8updates\KB2618444-IE8\spuninst\spuninst.exe
    + 2011-12-19 19:04 . 2011-08-22 23:48 206848 c:\windows\ie8updates\KB2618444-IE8\occache.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 611840 c:\windows\ie8updates\KB2618444-IE8\mstime.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 602112 c:\windows\ie8updates\KB2618444-IE8\msfeeds.dll
    + 2011-12-19 19:05 . 2011-08-22 23:48 247808 c:\windows\ie8updates\KB2618444-IE8\ieproxy.dll
    + 2011-12-19 19:04 . 2011-08-22 23:48 184320 c:\windows\ie8updates\KB2618444-IE8\iepeers.dll
    + 2011-12-19 19:05 . 2011-08-22 23:48 743424 c:\windows\ie8updates\KB2618444-IE8\iedvtool.dll
    + 2011-12-19 19:05 . 2011-08-22 23:48 387584 c:\windows\ie8updates\KB2618444-IE8\iedkcs32.dll
    + 2011-12-19 19:05 . 2011-08-22 11:56 174080 c:\windows\ie8updates\KB2618444-IE8\ie4uinit.exe
    + 2012-02-20 19:20 . 2012-02-20 19:20 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\d20ad8f0a8ae4396393e1f12acb68546\XamlBuildTask.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 356864 c:\windows\assembly\NativeImages_v4.0.30319_32\WsatConfig\05519155c428dd154d4d948d7c232427\WsatConfig.ni.exe
    + 2012-02-20 19:13 . 2012-02-20 19:13 252416 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\5b2066cece646c758c73a13cca7c82b7\WindowsFormsIntegration.ni.dll
    + 2012-02-20 19:13 . 2012-02-20 19:13 482816 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\1bc856ec98668f28b06dc195e6f73603\UIAutomationClient.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 391680 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\8a6f500c40e3fa7da71110af6c0a60ac\System.Xml.Linq.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 188928 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Inpu#\ca11ffdc7fa5af9ba6902d72b0b932c2\System.Windows.Input.Manipulations.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\0f9b1fb6e45b53adb5cb15e6ee4c3924\System.Windows.Forms.DataVisualization.Design.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 224256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.RegularE#\9d010b26cae10628874cb8ff61cc52af\System.Web.RegularExpressions.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\ba6a1c633c78faeadb3964fa3db07513\System.Web.Extensions.Design.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\533d991b3590f1347e7b727941335c55\System.Web.Entity.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\2daf972ea44ef790b2e329a5e41a398f\System.Web.Entity.Design.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\585c4aabbec8a372b5e8c198e4854c0f\System.Web.DynamicData.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 260096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\ef1f49de0f7db7644d2c32fd40147339\System.Web.DataVisualization.Design.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 646656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\c3a03bb69e38f5ed9ebce72d48a722ef\System.Transactions.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 221696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d7fbfc6836ce7e53486ddb79b598ca8d\System.ServiceProcess.ni.dll
    + 2012-02-20 19:12 . 2012-02-20 19:12 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f1a00750deae84241a140f4e4233fe71\System.ServiceModel.Routing.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\73a9874c15a0abf44b5db8aab1fe4dce\System.ServiceModel.Activation.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 729088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\09ee8d91e80e00991226aec062aa1e92\System.Security.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 771584 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9b6e07791d63f180b725744b37edfd39\System.Runtime.Remoting.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 241664 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Cach#\bdd675ae53cdf3ac2225468388f396ca\System.Runtime.Caching.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 653312 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\ecf10c574f8bd9a05b021e7880a1041c\System.Net.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\f751ad889c61578ae7e1d656e798cd72\System.Messaging.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\98ec4a836fdbe4d88306206d6fc326ec\System.Management.Instrumentation.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\3aada4dce5c9f819d192b0bba0a298bc\System.IO.Log.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\015d3fcedc60e04e3fce6aa3b63057d9\System.IdentityModel.Selectors.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 236032 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.Wrapper.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 786944 c:\windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\47a2b7b2fa872de3078d49d0a4c10cb2\System.EnterpriseServices.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 377344 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\30bdf637fad5e84fc46d7322f487c801\System.Dynamic.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 224768 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing.Desi#\55f621652cd3b962fd8dac08ba1d4934\System.Drawing.Design.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 468992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\e05bc4bfe46686b77f1e28b466f79363\System.DirectoryServices.Protocols.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\9ada0ce9819a2eeb6d3b7d4942cf278f\System.DirectoryServices.AccountManagement.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\fa66f17c3937c91c1b480c24aa602812\System.Device.ni.dll
    + 2012-02-20 19:11 . 2012-02-20 19:11 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\63c40de47bb41198fa1786142223861d\System.Data.Services.Design.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\8b353356367e7da5d31e49057a59c749\System.Data.DataSetExtensions.ni.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 980480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\363b05dd092178671e56531a9c4999b6\System.Configuration.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 148480 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\8e28c1bf907bc67c6685db26050c19bd\System.Configuration.Install.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\ac4bd5fece3ee7b1632817a509bcd909\System.ComponentModel.DataAnnotations.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 690176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\768ccd38c2bf1f7045e79ac03cb679f1\System.ComponentModel.Composition.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 617984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\266d00e0694b48964ead82a67657462b\System.AddIn.ni.dll
    + 2012-02-20 19:09 . 2012-02-20 19:09 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\754d38ef09a80e6bc721a0039d72b65b\System.Activities.DurableInstancing.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 317952 c:\windows\assembly\NativeImages_v4.0.30319_32\SMSvcHost\024df3845eee3a86a396d972162fffc4\SMSvcHost.ni.exe
    + 2012-02-20 19:09 . 2012-02-20 19:09 142848 c:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\ba4bc24df463a622c0e918d8c49672ed\SMDiagnostics.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 450560 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\daec0a92c216faca879f205a2e8e8169\PresentationFramework.Aero.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 656896 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\942a5e3ee871f5f4a323d95505f9667c\PresentationFramework.Luna.ni.dll
    + 2012-02-20 19:03 . 2012-02-20 19:03 327680 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\65bd29660d00ac08c14edad26ce38e2c\PresentationFramework.Royale.ni.dll
    + 2012-02-20 19:04 . 2012-02-20 19:04 284160 c:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\446fc2e471272940ddac8c8c949000cf\PresentationFramework.Classic.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 274432 c:\windows\assembly\NativeImages_v4.0.30319_32\MSBuild\b170601bfe8cde2cead79961480b7e4f\MSBuild.ni.exe
    + 2012-02-20 19:08 . 2012-02-20 19:08 219136 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualBas#\701d1c12f832802520df71a1fff57b12\Microsoft.VisualBasic.Compatibility.Data.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 418816 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Transacti#\d6386aaa2c8ab67caaee9684c3842c04\Microsoft.Transactions.Bridge.Dtc.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 631808 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Uti#\36330de8cde960b7d3bec7dbe1231db2\Microsoft.Build.Utilities.v4.0.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 258048 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Fra#\3453f6201843fdfc6d2ac069c467dc84\Microsoft.Build.Framework.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 135680 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.Build.Con#\e42d59aac3d8e773efa64f5ba215c9c3\Microsoft.Build.Conversion.v4.0.ni.dll
    + 2012-02-20 19:08 . 2012-02-20 19:08 474624 c:\windows\assembly\NativeImages_v4.0.30319_32\ComSvcConfig\0f8c22531e68be9cb2448b66e9837f75\ComSvcConfig.ni.exe
    + 2012-02-20 19:08 . 2012-02-20 19:08 851968 c:\windows\assembly\NativeImages_v4.0.30319_32\AspNetMMCExt\3d51fcb4e792ab05fe48d21fc61f4b23\AspNetMMCExt.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\XPBurnComponent\b8f27c43b77996060eec2b3ee4ff61ab\XPBurnComponent.ni.dll
    + 2012-02-20 19:18 . 2012-02-20 19:18 321536 c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
    + 2012-02-20 19:16 . 2012-02-20 19:16 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
    + 2012-02-20 19:16 . 2012-02-20 19:16 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
    + 2012-02-20 19:19 . 2012-02-20 19:19 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
    + 2012-02-20 19:17 . 2012-02-20 19:17 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
     
    AdmSirRed,
    #20
Page 1 of 2

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...