GMER 1.0.14.14536 - http://www.gmer.net Rootkit scan 2008-07-28 23:15:59 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.14 ---- SSDT 83939000 ZwAssignProcessToJobObject SSDT 83939005 ZwConnectPort SSDT 8393900A ZwCreateFile SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF778DB48] SSDT 8393900F ZwCreateProcess SSDT 83939014 ZwCreateProcessEx SSDT 83939019 ZwCreateThread SSDT 8393901E ZwDebugActiveProcess SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF778DD38] SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF778DDDA] SSDT 83939023 ZwDuplicateObject SSDT 83939028 ZwLoadDriver SSDT 8393902D ZwOpenKey SSDT 83939032 ZwOpenSection SSDT 83939037 ZwOpenThread SSDT 83939041 ZwProtectVirtualMemory SSDT 8393903C ZwResumeThread SSDT 83939046 ZwSecureConnectPort SSDT 8393904B ZwSetValueKey SSDT 83939050 ZwSuspendProcess SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF3D41F20] SSDT 8393905A ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.14 ---- ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. ! ? C:\ComboFix\catchme.sys The system cannot find the path specified. ! ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. ! ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\system32\spoolsv.exe[228] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[228] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[228] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[228] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\spoolsv.exe[228] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\spoolsv.exe[228] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\spoolsv.exe[228] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\spoolsv.exe[228] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\spoolsv.exe[228] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[228] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\spoolsv.exe[228] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe[536] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\PSIService.exe[636] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PSIService.exe[636] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\PSIService.exe[636] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PSIService.exe[636] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\PSIService.exe[636] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\PSIService.exe[636] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\PSIService.exe[636] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\PSIService.exe[636] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\PSIService.exe[636] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\PSIService.exe[636] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\PSIService.exe[636] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\PSIService.exe[636] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe[668] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[672] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[776] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\services.exe[776] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\services.exe[776] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\services.exe[776] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[788] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\lsass.exe[788] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\lsass.exe[788] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\lsass.exe[788] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\lsass.exe[788] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Bonjour\mDNSResponder.exe[904] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[944] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[944] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[944] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[944] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[944] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[988] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1040] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1088] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\svchost.exe[1088] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\svchost.exe[1088] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\svchost.exe[1088] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\svchost.exe[1088] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1088] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\svchost.exe[1088] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\nvsvc32.exe[1120] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\svchost.exe[1144] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1212] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[1252] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[1252] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[1252] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wscntfy.exe[1252] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\Logitech\Video\FxSvr2.exe[1288] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe[1328] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1500] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1536] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\svchost.exe[1536] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\svchost.exe[1536] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\svchost.exe[1536] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\svchost.exe[1536] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\svchost.exe[1536] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\svchost.exe[1536] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Verizon\McciTrayApp.exe[1608] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[1780] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[1780] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[1780] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wuauclt.exe[1780] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1876] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\devldr32.exe[1888] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\devldr32.exe[1888] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\devldr32.exe[1888] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\devldr32.exe[1888] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\devldr32.exe[1888] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\devldr32.exe[1888] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\devldr32.exe[1888] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\devldr32.exe[1888] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\devldr32.exe[1888] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\devldr32.exe[1888] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F4C0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F490F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F4F0F5A .text C:\Documents and Settings\default\Desktop\gmer.exe[2056] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F520F5A .text C:\WINDOWS\explorer.exe[2140] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2140] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\explorer.exe[2140] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2140] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\explorer.exe[2140] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\explorer.exe[2140] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\explorer.exe[2140] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\explorer.exe[2140] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\explorer.exe[2140] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\explorer.exe[2140] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\explorer.exe[2140] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\explorer.exe[2140] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Verizon\Servicepoint\VerizonServicepoint.exe[2160] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WgaTray.exe[2268] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\WgaTray.exe[2268] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WgaTray.exe[2268] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\WgaTray.exe[2268] WININET.dll!InternetErrorDlg 7722C5C5 5 Bytes JMP 0101211B C:\WINDOWS\system32\WgaTray.exe (Windows Genuine Advantage Notification/Microsoft Corporation) .text C:\Program Files\iPod\bin\iPodService.exe[2280] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\iPod\bin\iPodService.exe[2280] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\HP\hpcoretech\hpcmpmgr.exe[2428] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] USER32.DLL!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ADVAPI32.DLL!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] ADVAPI32.DLL!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe[2636] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[2832] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe[2904] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[2960] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[2960] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[2960] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F490F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F520F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F4C0F5A .text C:\Program Files\internet explorer\iexplore.exe[2960] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\Netropa\Onscreen Display\OSD.exe[3212] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\iTunes\iTunesHelper.exe[3460] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\alg.exe[3488] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3488] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\System32\alg.exe[3488] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3488] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\alg.exe[3488] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\alg.exe[3488] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\alg.exe[3488] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3488] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\alg.exe[3488] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\alg.exe[3488] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[3488] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\alg.exe[3488] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe[3524] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe[3588] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\LVCOMSX.EXE[3636] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\Program Files\ThreatFire\TFTray.exe[3744] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 41, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2F, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F310F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F340F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F280F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F370F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F3A0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F460F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F3D0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F2B0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F430F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F520F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F4F0F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F490F5A .text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[3876] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F4C0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\Program Files\Logitech\Video\LogiTray.exe[3916] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4D, 5F ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3B, 5F ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!SetWinEventHook 7E4317B7 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe[4092] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F2B0F5A ---- Devices - GMER 1.0.14 ---- AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\Udp pctfw2.sys (PC Tools TDI Driver/PC Tools) AttachedDevice \Driver\Tcpip \Device\RawIp pctfw2.sys (PC Tools TDI Driver/PC Tools) AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) ---- EOF - GMER 1.0.14 ----