NTOSKRNL-HOOK trojan - Driving me mad



#1
barryg

Hi - I hope someone can help here, this is driving me mad.

When I boot up the laptop I constantly get the 'blue screen' and can only open in safe mode. Below is the Windows error log of the blue screen




Problem signature
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2057

Files that help describe the problem (some files may no longer be available)
Mini053009-09.dmp
sysdata.xml
Version.txt

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Extra information about the problem
BCCode: 1000008e
BCP1: C0000005
BCP2: 87B757DA
BCP3: 90E0200C
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 768_1
Server information: abed26e5-eea6-411b-a1ee-3fc82e84705a



When I run McAfee scan it finds 2 entries for the trojan and says it has removed. When I boot back up the same happens. Clearly, the trojan has not been removed - aarrghh! can only get online in safe mode and in fact do anything in safe mode!!

Any help would be great
Thanks
Barry


#2
kahdah

Hello barryg

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3
barryg

Hi Kahdah

I ran the OTL programme, here are the results

OTL logfile created on: 31/05/2009 21:02:28 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Barry\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.40% Memory free
4.00 Gb Paging File | 3.66 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.50 Gb Total Space | 32.76 Gb Free Space | 34.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90.35 Gb Total Space | 26.16 Gb Free Space | 28.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARRY-LAPTOP
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Users\Barry\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (AgereModemAudio [Auto | Stopped]) -- C:\Windows\system32\agrsmsvc.exe (Agere Systems)
SRV - (Apple Mobile Device [Auto | Stopped]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (Bonjour Service [Auto | Stopped]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CFSvcs [Auto | Stopped]) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [Auto | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (IAANTMON [Auto | Stopped]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KService [Auto | Stopped]) -- C:\Program Files\Kontiki\KService.exe (Kontiki Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McAfee SiteAdvisor Service [Auto | Stopped]) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (mcmscsvc [Auto | Running]) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McNASvc [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McODS [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy [Auto | Stopped]) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McShield [Unknown | Stopped]) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon [On_Demand | Stopped]) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService [Auto | Running]) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (RapiMgr [Auto | Stopped]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (SBSDWSCService [Auto | Stopped]) -- C:\Program Files\Spybot\SDWinSec.exe (Safer Networking Ltd.)
SRV - (sdAuxService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [Auto | Running]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (sprtsvc_O2 [Auto | Stopped]) -- C:\Program Files\O2\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Steam Client Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (TemproMonitoringService [Auto | Stopped]) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH)
SRV - (TNaviSrv [Auto | Stopped]) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TODDSrv [Auto | Stopped]) -- C:\Windows\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv [Auto | Stopped]) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TOSHIBA Bluetooth Service [Auto | Stopped]) -- c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (UleadBurningHelper [Auto | Stopped]) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (WcesComm [Auto | Stopped]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Stopped]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (alcan5wn [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\alcan5wn.sys (THOMSON multimedia)
DRV - (alcaudsl [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\alcaudsl.sys (THOMSON multimedia)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ggflt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (igfx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\igdkmd32.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Stopped]) -- C:\Windows\system32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (KR10I [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (KR10N [Disabled | Stopped]) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (mfeavfk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfebopk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk [System | Running]) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mferkdk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (mfesmfk [On_Demand | Stopped]) -- C:\Windows\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (MPFP [System | Running]) -- C:\Windows\System32\Drivers\Mpfp.sys (McAfee, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw3v32 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\NETw3v32.sys (Intel® Corporation)
DRV - (NETw4v32 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\NETw4v32.sys (Intel Corporation)
DRV - (NETw5v32 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\NETw5v32.sys (Intel Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NWUSBModem [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\nwusbser.sys (Novatel Wireless Inc.)
DRV - (QIOMem [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\QIOMem.sys (TOSHIBA)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\system32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\system32\DRIVERS\rixdptsk.sys (REDC)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (s116bus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s116bus.sys (MCCI Corporation)
DRV - (s116mdfl [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s116mdfl.sys (MCCI Corporation)
DRV - (s116mdm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s116mdm.sys (MCCI Corporation)
DRV - (s116mgmt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s116mgmt.sys (MCCI Corporation)
DRV - (s116unic [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s116unic.sys (MCCI Corporation)
DRV - (s3017bus [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017bus.sys (MCCI Corporation)
DRV - (s3017mdfl [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017mdfl.sys (MCCI Corporation)
DRV - (s3017mdm [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017mdm.sys (MCCI Corporation)
DRV - (s3017mgmt [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017mgmt.sys (MCCI Corporation)
DRV - (s3017nd5 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017nd5.sys (MCCI Corporation)
DRV - (s3017obex [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017obex.sys (MCCI Corporation)
DRV - (s3017unic [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\s3017unic.sys (MCCI Corporation)
DRV - (secdrv [Auto | Stopped]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (swivsp [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\swivspnt.sys (Sierra Wireless Inc.)
DRV - (swmsflt [On_Demand | Stopped]) -- C:\Windows\System32\drivers\swmsflt.sys ()
DRV - (SWNC8U80 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (SWUMX80 [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\swumx80.sys (Sierra Wireless Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (tdcmdpst [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfbd [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Stopped]) -- C:\Windows\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfec [On_Demand | Running]) -- C:\Windows\system32\DRIVERS\tosrfec.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\Windows\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tos_sps32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (TVALZ [Boot | Running]) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\Windows\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (UVCFTR [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5
FF - prefs.js..extensions.enabledItems: {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.5.5
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD [2008/04/12 15:27:19 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\PROGRAM FILES\MCAFEE\SITEADVISOR [2009/05/19 18:17:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/02/12 17:05:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/04 20:25:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/04 20:25:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/05/12 21:39:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2008/07/27 18:54:39 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Extensions
[2008/07/27 18:54:39 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/31 20:57:34 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions
[2009/05/27 16:42:09 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/05/12 11:49:34 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2009/01/17 13:52:17 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/05/30 11:02:50 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/04/20 19:30:23 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/04 20:26:19 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2008/07/27 18:55:18 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\mozilla\Firefox\Profiles\mq4hvli9.default\extensions\[email protected]
[2009/05/31 20:57:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/04 20:25:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/26 14:08:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/01/19 20:11:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/27 18:47:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/01/04 17:33:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/05/04 20:25:35 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/04 20:25:35 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/01/19 20:02:16 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/01/19 20:02:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/01/19 20:02:17 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/01/19 20:02:17 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/01/19 20:02:17 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/01/19 20:02:17 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/01/19 20:02:17 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/01/19 20:02:17 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (229841 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 8060 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AirCardEnabler] File not found
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" (Chicony)
O4 - HKLM..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto (Interactive Digital Media)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe" (PC Tools)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [kdx] "C:\Program Files\Kontiki\KHost.exe" -all (Kontiki Inc.)
O4 - HKLM..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s (O2)
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon (THOMSON multimedia)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [Toshiba TEMPO] C:\Program Files\Toshiba TEMPO\Toshiba.Tempo.UI.TrayApplication.exe File not found
O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4 - HKLM..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TRUUpdater] "C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] "C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe" (Sierra Wireless Inc.)
O4 - HKLM..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc.)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Users\Barry\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (Kontiki Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TOSCDSPD] TOSCDSPD.EXE File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [@%SystemRoot%\system32\wshtcpip.dll,-60103] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NTDS] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000044 - C:\Windows\system32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKCU\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} http://cdn.scan.onec...s/wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} http://download.yaho...alls/yab_af.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} http://photos.yahoo....plorer1_9us.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\system32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\system32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05f9c168-3d41-11de-a487-00037aa499bd}\Shell - "" = AutoRun
O33 - MountPoints2\{05f9c168-3d41-11de-a487-00037aa499bd}\Shell\AutoRun\command - "" = D:\WIN\setup.exe -- File not found
O33 - MountPoints2\{37ed2489-63ea-11dd-9cd9-00037aa499bd}\Shell - "" = AutoRun
O33 - MountPoints2\{37ed2489-63ea-11dd-9cd9-00037aa499bd}\Shell\AutoRun\command - "" = G:\LiteAuto.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LiteAuto.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LiteAuto.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/31 20:57:34 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/05/31 09:00:40 | 00,008,212 | ---- | C] () -- C:\Windows\mfebcdata
[2009/05/30 14:13:34 | 21,758,1896 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/05/30 11:05:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/05/28 20:26:15 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009/05/28 20:24:53 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009/05/27 17:00:03 | 00,000,262 | -H-- | C] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/27 14:37:12 | 00,000,000 | ---D | C] -- C:\RECYCLER
[2009/05/24 14:14:42 | 00,002,047 | ---- | C] () -- C:\Users\Public\Desktop\Sky Player.lnk
[2009/05/24 14:14:33 | 00,000,000 | ---D | C] -- C:\Program Files\Sky
[2009/05/24 14:14:32 | 00,000,000 | ---D | C] -- C:\ProgramData\Sky
[2009/05/19 18:27:21 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/05/19 18:27:14 | 00,000,000 | ---D | C] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/05/19 18:27:14 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/05/19 09:42:51 | 00,001,872 | ---- | C] () -- C:\Users\Barry\Desktop\Toshiba TEMPRO Alerts.lnk
[2009/05/19 09:42:36 | 00,000,000 | ---D | C] -- C:\Program Files\Toshiba TEMPRO
[2009/05/18 17:44:54 | 00,000,000 | ---D | C] -- C:\ProgramData\SupportSoft
[2009/05/18 17:44:38 | 00,002,046 | ---- | C] () -- C:\Users\Barry\Desktop\O2 Broadband Assistant.lnk
[2009/05/18 17:44:12 | 00,000,728 | ---- | C] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/05/18 17:43:34 | 00,000,000 | ---D | C] -- C:\Program Files\O2
[2009/05/18 17:33:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SupportSoft
[2009/05/14 14:58:51 | 00,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2009/05/12 10:58:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/05/12 10:57:48 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/05/12 09:45:02 | 00,159,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/05/11 19:09:20 | 00,026,760 | ---- | C] () -- C:\Windows\System32\drivers\swmsflt.sys
[2009/05/11 19:09:20 | 00,002,026 | ---- | C] () -- C:\Users\Public\Desktop\3G Watcher.lnk
[2009/05/11 19:03:01 | 00,000,000 | ---D | C] -- C:\Users\Barry\AppData\Roaming\Sierra Wireless
[2009/05/11 19:03:01 | 00,000,000 | ---D | C] -- C:\Program Files\Sierra Wireless Inc
[2009/05/11 07:31:03 | 00,130,936 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/05/11 07:31:03 | 00,073,840 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/05/11 07:30:28 | 00,064,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/03/05 06:54:58 | 00,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2008/08/06 20:47:13 | 00,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2008/05/07 18:48:43 | 00,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/04/12 15:31:25 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/03/15 12:46:40 | 00,065,536 | ---- | C] () -- C:\Windows\System32\YCRWin32.dll
[2008/03/15 12:41:15 | 00,086,016 | ---- | C] () -- C:\Windows\System32\wisemsg.dll
[2008/03/15 12:41:11 | 00,040,448 | ---- | C] () -- C:\Windows\System32\regobj.dll
[2008/03/15 12:23:38 | 00,005,607 | ---- | C] () -- C:\Windows\System32\stci.dll
[2007/06/29 11:25:12 | 00,033,664 | ---- | C] () -- C:\Windows\System32\drivers\TsWlan.sys
[2007/05/30 14:50:18 | 00,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/05/30 14:50:18 | 00,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/05/30 14:50:18 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/05/30 14:50:18 | 00,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/05/30 14:50:18 | 00,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/05/30 14:50:18 | 00,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/05/30 14:40:01 | 00,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/05/30 14:34:19 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/05/30 14:15:04 | 00,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007/05/30 14:15:04 | 00,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/05/30 14:15:04 | 00,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007/05/30 14:15:04 | 00,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007/05/30 13:54:03 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/30 13:54:03 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/05/30 13:54:03 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1263.dll
[2007/05/30 13:09:18 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/12/05 13:05:06 | 00,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 13:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 11:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[1999/01/22 19:46:58 | 00,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[2 C:\Windows\*.tmp files]
[2009/05/31 20:46:10 | 00,002,725 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2009/05/31 20:45:24 | 00,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2009/05/31 20:45:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/05/31 20:44:41 | 21,758,1896 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/05/31 20:42:50 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/05/31 20:42:50 | 00,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/05/31 20:42:50 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{79032CB4-DCFE-4B39-852D-4D2B3DEB801A}.job
[2009/05/31 20:42:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/05/31 09:00:40 | 00,008,212 | ---- | M] () -- C:\Windows\mfebcdata
[2009/05/31 08:41:17 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/05/31 08:41:17 | 00,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/05/31 08:41:17 | 00,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/05/31 08:37:20 | 00,000,262 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/05/24 14:14:42 | 00,002,047 | ---- | M] () -- C:\Users\Public\Desktop\Sky Player.lnk
[2009/05/19 09:42:51 | 00,001,872 | ---- | M] () -- C:\Users\Barry\Desktop\Toshiba TEMPRO Alerts.lnk
[2009/05/18 17:44:53 | 00,000,728 | ---- | M] () -- C:\Windows\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2009/05/18 17:44:38 | 00,002,046 | ---- | M] () -- C:\Users\Barry\Desktop\O2 Broadband Assistant.lnk
[2009/05/14 10:23:10 | 00,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009/05/12 11:35:58 | 00,322,664 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/05/12 09:45:02 | 00,159,600 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/05/11 19:09:20 | 00,002,026 | ---- | M] () -- C:\Users\Public\Desktop\3G Watcher.lnk
[2009/05/11 07:30:39 | 00,001,764 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2009/05/07 08:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== LOP Check ==========

[2009/05/11 19:03:01 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming
[2009/02/01 13:50:20 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Adobe
[2008/03/16 16:32:34 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Apple Computer
[2009/05/27 17:48:31 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\BitTorrent
[2008/03/15 15:33:30 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\DesktopSMS
[2009/05/31 08:59:50 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\DNA
[2008/05/18 07:11:29 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Google
[2008/03/16 18:02:10 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Help
[2008/10/26 16:20:09 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\ICAClient
[2008/03/15 12:01:47 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Identities
[2008/03/15 12:00:29 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\InstallShield
[2008/04/05 08:25:27 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\LG Electronics
[2008/03/15 17:15:03 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Macromedia
[2008/03/27 09:53:08 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Malwarebytes
[2006/11/02 13:37:34 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Media Center Programs
[2009/04/28 21:28:40 | 00,000,000 | --SD | M] -- C:\Users\Barry\AppData\Roaming\Microsoft
[2008/05/07 18:36:50 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Microsoft Web Folders
[2008/07/27 18:54:39 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Mozilla
[2008/03/25 13:33:55 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\PC Tools
[2008/04/12 15:34:55 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Real
[2008/03/16 18:21:27 | 00,000,000 | RH-D | M] -- C:\Users\Barry\AppData\Roaming\SecuROM
[2009/05/11 19:12:59 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Sierra Wireless
[2008/12/26 16:53:03 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Sports Interactive
[2009/04/27 23:10:21 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Spotify
[2008/04/09 21:14:53 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\SUPERAntiSpyware.com
[2008/03/23 09:47:05 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Talkback
[2008/04/10 22:04:04 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Thunderbird
[2008/07/11 19:48:22 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Toshiba
[2008/04/27 11:20:38 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\vlc
[2008/03/21 11:07:33 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\WinRAR
[2008/10/26 14:54:55 | 00,000,000 | ---D | M] -- C:\Users\Barry\AppData\Roaming\Yahoo!
[2008/12/18 19:14:37 | 00,000,340 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2008/12/18 19:14:37 | 00,000,332 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/05/31 20:42:50 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/05/31 09:00:41 | 00,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/05/31 20:42:50 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{79032CB4-DCFE-4B39-852D-4D2B3DEB801A}.job
[2009/05/31 08:37:20 | 00,000,262 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >


OTL Extras logfile created on: 31/05/2009 21:02:28 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Barry\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 70.40% Memory free
4.00 Gb Paging File | 3.66 Gb Available in Paging File | 91.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94.50 Gb Total Space | 32.76 Gb Free Space | 34.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90.35 Gb Total Space | 26.16 Gb Free Space | 28.95% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BARRY-LAPTOP
Current User Name: Barry
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux (Sierra Wireless, Inc.)
C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater (Sierra Wireless, Inc.)
"" =

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{3797C151-BEAC-4BE8-A2E7-47B5C01741DC} = RPORT=5679 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=RAPIMGR |
{CA6A150C-9740-4C4C-A2C1-77419F690F50} = LPORT=990 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=RAPIMGR |

========== Vista Active Application Exception List ==========

{000308FA-93C9-4BF4-A0B5-9972672AA50A} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\FOOTBALL MANAGER 2009\FM.EXE |
{11DDC2A1-5179-4C90-8E8B-9BDD846B3547} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{13531AF9-67D7-40A7-AB6A-3402A7926176} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\KONTIKI\KSERVICE.EXE |
{1974E138-0BB2-40BC-B0DB-AC107E7327CE} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\SUPPORTSOFT\BIN\SSRC.EXE |
{1D3D7A4A-0D9F-46B1-B623-0FA33D256F62} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{27AFF33B-44F5-4AD8-824D-5D464B021E2B} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\FM.EXE |
{2FDDE26F-17A2-4DB6-8CF0-1040A8127ADD} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{3ABE9368-2104-4FC8-A5D8-F2CEB9755701} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\KONTIKI\KSERVICE.EXE |
{426FBA8C-10AC-40D4-8338-AA7023BC4F55} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{42D4A5E2-DD08-4730-A544-E4772C368A0D} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
{43E36E79-A17B-4200-BD82-EE207AA531F5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{536FE79C-9627-40C1-A9B1-69733D22067E} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\O2\AGENT\BIN\BCONT.EXE |
{66A437C8-7D93-4FB1-A5F7-68579E88C10E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\O2\AGENT\BIN\BCONT_NM.EXE |
{6A92DA9F-84BE-4D35-BD55-C62DCA391CEB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
{7C023C95-C049-4F23-A5FA-3B21629D78CC} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{7C63C50A-346D-4C8E-A3F5-3D35FFD780C7} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\KONTIKI\KSERVICE.EXE |
{8840E197-A1A8-4E71-8008-E4794A0B78C6} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\SUPPORTSOFT\BIN\SSRC.EXE |
{96D79068-089C-41D9-AB39-C40DA9CFE107} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
{994C9F86-59B7-4217-BB31-0AF8051C58DE} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
{A2DC7501-6663-4FC6-95E6-88C33BE1AABA} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\O2\AGENT\BIN\BCONT.EXE |
{A35721D7-06EC-46D8-953C-237DC84BBB9B} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2008\FM.EXE |
{A46C7615-5B1D-4D74-9EEB-346622250946} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\O2\BIN\WIFICFG.EXE |
{AD52E56D-2804-4469-8BD2-110434D3B775} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{AE147BC3-D8D9-4CAD-A15C-7FC84D0ECDFB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2009\FM.EXE |
{AE29B640-6CD4-4CBB-988B-B467A82B3852} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\STEAM\STEAMAPPS\COMMON\FOOTBALL MANAGER 2009\FM.EXE |
{B19C91CE-69E8-4651-A2AD-4303D1FA94EB} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\ITUNES\ITUNES.EXE |
{BC192852-0EEB-4799-AE06-F395D1807645} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
{BE04DB4D-8429-43BE-89D5-40D847622AF7} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SPORTS INTERACTIVE\FOOTBALL MANAGER 2008\FM.EXE |
{BE64CAA0-8AC0-42A7-8655-620E2042B541} = DIR=IN | APP=C:\PROGRAM FILES\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{C0454868-3247-4C45-8F95-6171011546D3} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\O2\BIN\WIFICFG.EXE |
{C3FF54CA-2745-4355-9946-E89A98940B24} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\KONTIKI\KSERVICE.EXE |
{D86BFF5F-C870-4F7F-ACD4-7ECD809CF0A8} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{DF11C11A-858F-4079-B713-F076268FF47F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\O2\AGENT\BIN\BCONT_NM.EXE |
{F015C62C-6DBB-40AF-BECC-D3BA47E666E5} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE |
{F9C13ED5-5C4C-4CD0-A779-D5A9D1645C44} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\DNA\BTDNA.EXE |
TCP Query User{0BE45261-5C76-4180-9827-29BE02A06670}C:\program files\bittorrent\bittorrent.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE |
TCP Query User{23353CF9-552A-4846-BB46-A028EF4EB225}C:\users\barry\program files\dna\btdna.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\BARRY\PROGRAM FILES\DNA\BTDNA.EXE |
TCP Query User{55C4D4FD-DD42-45FC-BE67-793CCB106220}C:\program files\internet explorer\iexplore.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
TCP Query User{5DE02B95-EA03-48D8-A02B-B81B3D2CF13D}C:\program files\sony ericsson\update service\update service.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
TCP Query User{5E74CAD5-0970-4BD4-AF86-523145E9E28F}C:\program files\mozilla firefox\firefox.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{7FC2A113-37E8-4C99-BAB0-1EC080EE6B46}C:\users\barry\program files\dna\btdna.exe = PROTOCOL=6 | DIR=IN | APP=C:\USERS\BARRY\PROGRAM FILES\DNA\BTDNA.EXE |
TCP Query User{89A96DC1-7860-4914-A9D7-4C788D7A1C62}C:\program files\sopcast\adv\sopadver.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
TCP Query User{997E7F5A-51F2-4D1F-B1E0-8069BD6004BD}C:\program files\bittorrent\bittorrent.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE |
TCP Query User{BB406BDD-B9BC-46E7-85EB-6ECDB2977D24}C:\program files\mozilla firefox\firefox.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
TCP Query User{C1C2C440-1235-44D8-945F-8EAA882B724C}C:\program files\sopcast\sopcast.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
UDP Query User{0C07314E-8E04-4C37-B93C-16CADD409CAF}C:\program files\mozilla firefox\firefox.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{228A9E26-4497-43CE-9A1A-1E3637647388}C:\program files\bittorrent\bittorrent.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE |
UDP Query User{5C0455E9-0A31-4E45-8E64-3FBA3FABAEF0}C:\program files\sony ericsson\update service\update service.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SONY ERICSSON\UPDATE SERVICE\UPDATE SERVICE.EXE |
UDP Query User{8F67D160-C85C-4338-8058-34C9AFF0177B}C:\program files\sopcast\adv\sopadver.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SOPCAST\ADV\SOPADVER.EXE |
UDP Query User{9F200BE4-8F45-41C6-8123-63FBEA7C47FE}C:\program files\mozilla firefox\firefox.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE |
UDP Query User{A1945160-72B1-4692-88BE-819310AD9606}C:\users\barry\program files\dna\btdna.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\BARRY\PROGRAM FILES\DNA\BTDNA.EXE |
UDP Query User{B6B4ACD5-0068-4228-8964-C1E553E26431}C:\users\barry\program files\dna\btdna.exe = PROTOCOL=17 | DIR=IN | APP=C:\USERS\BARRY\PROGRAM FILES\DNA\BTDNA.EXE |
UDP Query User{BF0FB919-5711-489F-8004-79B692CBA56E}C:\program files\sopcast\sopcast.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\SOPCAST\SOPCAST.EXE |
UDP Query User{D3C5594F-B510-4DA2-BFAC-ABDBE911C472}C:\program files\internet explorer\iexplore.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE |
UDP Query User{F8C95EEA-DCEA-4D69-BD47-CD77858D5507}C:\program files\bittorrent\bittorrent.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES\BITTORRENT\BITTORRENT.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0020FEE2-7CDB-4250-B04B-81D68D3CA18B}" =
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0F4F4815-76AD-4B26-8763-72F3344041C2}" = TOSHIBA Manuals
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}" = Citrix Presentation Server Client - Web Only
"{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}" = MobileMe Control Panel
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 3.209.00
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E74E22D-57C3-4B43-8F4F-AF35E9F6E17F}" = Sierra Wireless 3G Watcher
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7C30283C-8DC7-4FBB-805E-52BEA5F580E8}" = Toshiba TEMPRO
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}" = Safari
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}" = Alcatel SpeedTouch USB Software
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC27E83E-D213-49CC-A0AA-58BC1091F882}" = O2 Connection Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"4oD" = 4oD
"665F38279B776196E931D05FD4F323ACD56A7D0A" = Windows Driver Package - Intel net (04/27/2007 11.1.0.100)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ask Toolbar_is1" = Ask Toolbar
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"CCleaner" = CCleaner (remove only)
"D378CF7D7829BEE3D6C6016D3E4A00DF2B5B858B" = Windows Driver Package - Intel (NETw2v32) net (02/14/2007 9.1.1.13)
"EBC99210EB86A837E0E2BB1E172574094DC09052" = Windows Driver Package - Intel (NETw4v32) net (04/27/2007 11.1.0.100)
"Football Manager 2008" = Football Manager 2008
"Football Manager 2009" = Football Manager 2009
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"Free Internet Window Washer" = Free Internet Window Washer
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{49B85E35-3C56-4420-9A0A-D125348A2D7F}" = TOSHIBA Supervisor Password
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{8B81CF96-0223-40E9-B6E7-1461F450B605}" = TOSHIBA Hardware Setup
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSC" = McAfee SecurityCenter
"myphotobook" = myphotobook 3.1
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 3.0.1
"Spotify" = Spotify
"Spyware Doctor" = Spyware Doctor 6.0
"Steam App 10540" = Football Manager 2009
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


When I ran the 2nd programme, it keeps crashing halfway through the scan (I'm running in safe mode and I've disabled my McAfee anti-virus). I've copied the problem log and it's below (if that helps). Hopefully, you have some other ideas!



Problem signature
Problem Event Name: APPCRASH
Application Name: 4sq5b37c.exe
Application Version: 1.0.15.14972
Application Timestamp: 49f73740
Fault Module Name: 4sq5b37c.exe
Fault Module Version: 1.0.15.14972
Fault Module Timestamp: 49f73740
Exception Code: c0000005
Exception Offset: 0000c4b1
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 2057
Additional Information 1: fd00
Additional Information 2: ea6f5fe8924aaa756324d57f87834160
Additional Information 3: fd00
Additional Information 4: ea6f5fe8924aaa756324d57f87834160

Files that help describe the problem
Version.txt
AppCompat.txt
memory.hdmp
minidump.mdmp

View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.



Thanks for your help

Barry
  • 0

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

  • 0

#5
barryg

barryg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi - ComboFix crashed halfway through, but funnily enough the 1st programme works and the computer boots up in normal mode OK now. The results are below, split over a few posts to fit:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-03 07:13:12
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8E279498]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8E2794AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8E279528]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8E279552]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8E279470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8E279484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8E2794FE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8E27957A]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8E279566]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8E2794EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8E2794D6]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8E27945C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8E27953E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8E279514]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8E2794C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution 8206DC26 5 Bytes JMP 8E279518 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 82203778 5 Bytes JMP 8E279474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 82210A49 5 Bytes JMP 8E279556 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 822373DB 7 Bytes JMP 8E279502 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 822444A0 5 Bytes JMP 8E279542 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 82244829 7 Bytes JMP 8E27952C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8224F8F4 5 Bytes JMP 8E2794DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 82253FA9 5 Bytes JMP 8E279460 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 82258271 5 Bytes JMP 8E279488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateUserProcess 8226683B 5 Bytes JMP 8E2794C6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 822841D0 5 Bytes JMP 8E27956A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8228521A 5 Bytes JMP 8E27957E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 822C3265 5 Bytes JMP 8E27949C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcessEx 822C32B0 7 Bytes JMP 8E2794B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 822C3D6F 5 Bytes JMP 8E2794EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\agrsmsvc.exe[504] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\agrsmsvc.exe[504] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\agrsmsvc.exe[504] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\agrsmsvc.exe[504] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[568] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\taskeng.exe[568] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[568] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[568] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[572] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[592] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[648] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[648] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\csrss.exe[648] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[648] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\ij8pr81p.exe[720] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Users\Barry\ij8pr81p.exe[720] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\ij8pr81p.exe[720] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Users\Barry\ij8pr81p.exe[720] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[768] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[776] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\wininit.exe[776] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[776] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wininit.exe[776] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[788] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\csrss.exe[788] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\csrss.exe[788] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\csrss.exe[788] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[820] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00290F6B
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00290F7C
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00290F24
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00290F3F
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00290081
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00290FD4
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 0029004A
.text C:\Windows\system32\services.exe[820] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00290F8D
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00290FA8
.text C:\Windows\system32\services.exe[820] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00290FC3
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 0029009C
.text C:\Windows\system32\services.exe[820] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 002900DF
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 0029000A
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00290FEF
.text C:\Windows\system32\services.exe[820] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00290025
.text C:\Windows\system32\services.exe[820] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00290F5A
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00130F8A
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 0013002C
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00130FEF
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00130FA5
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00130047
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 00130011
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 00130000
.text C:\Windows\system32\services.exe[820] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00130FCA
.text C:\Windows\system32\services.exe[820] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\services.exe[820] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 007C0FB0
.text C:\Windows\system32\services.exe[820] msvcrt.dll!system 77218B63 5 Bytes JMP 007C0031
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 007C0FC1
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 007C0FE3
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 007C0020
.text C:\Windows\system32\services.exe[820] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 007C0FD2
.text C:\Windows\system32\services.exe[820] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 0018000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 004800F1
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 004800E0
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 00480F80
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 00480F9B
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 004800AA
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 0048002C
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00480058
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00480FB6
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00480069
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00480047
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 004800C5
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00480F6F
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00480011
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00480000
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00480FDB
.text C:\Windows\system32\lsass.exe[844] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 0048010C
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000A004A
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000A0FC3
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000A000A
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000A0FB2
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000A0F83
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 000A0FDE
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 000A0FEF
.text C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 000A002F
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00490FC0
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!system 77218B63 5 Bytes JMP 0049004B
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00490029
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 0049000C
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 0049003A
.text C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00490FEF
.text C:\Windows\system32\lsass.exe[844] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsass.exe[844] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsass.exe[844] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 000B0FEF
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [36, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [18, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [2A, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2D, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [12, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [15, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [21, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0F, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [30, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1B, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [33, 5F]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[848] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 00010071
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 00010F2B
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 0001009D
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 0001008C
.text C:\Windows\Explorer.EXE[848] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 00010F72
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 00010025
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryExW 76A230C3 5 Bytes JMP 00010F83
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00010F9E
.text C:\Windows\Explorer.EXE[848] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00010F61
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 00010040
.text C:\Windows\Explorer.EXE[848] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00010FB9
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00010F50
.text C:\Windows\Explorer.EXE[848] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00010EEB
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00010FDE
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00010FEF
.text C:\Windows\Explorer.EXE[848] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 0001000A
.text C:\Windows\Explorer.EXE[848] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00010F10
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00050F8D
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00050FB9
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00050FE5
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00050F9E
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00050040
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 0005001B
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 0005000A
.text C:\Windows\Explorer.EXE[848] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 00050FCA
.text C:\Windows\Explorer.EXE[848] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3C0F5A
.text C:\Windows\Explorer.EXE[848] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F380F5A
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00060051
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!system 77218B63 5 Bytes JMP 00060040
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 0006000A
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00060FE3
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00060025
.text C:\Windows\Explorer.EXE[848] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00060FC6
.text C:\Windows\Explorer.EXE[848] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 035B0000
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenA 75D5B2D5 5 Bytes JMP 0378000A
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenW 75D5B92E 5 Bytes JMP 0378001B
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenUrlA 75D5DEF0 5 Bytes JMP 03780FE5
.text C:\Windows\Explorer.EXE[848] WININET.dll!InternetOpenUrlW 75DA7347 5 Bytes JMP 03780FD4
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[852] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\lsm.exe[852] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[852] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\lsm.exe[852] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[940] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\winlogon.exe[940] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\winlogon.exe[940] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\winlogon.exe[940] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 000E0F3C
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 000E0081
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 000E00D2
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 000E00B7
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 000E0055
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 000E0014
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 000E0FA1
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 000E0066
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 000E0F7C
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 000E0FB2
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 000E0F57
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 000E00ED
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 000E0FDE
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 000E0FEF
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 000E0FC3
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 000E00A6
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 000F004E
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!system 77218B63 5 Bytes JMP 000F0FCD
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 000F0FEF
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 000F0000
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 000F0FDE
.text C:\Windows\system32\svchost.exe[1048] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 000F0029
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000C0F72
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000C0F94
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000C0FEF
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000C0F83
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000C0039
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 000C0FCA
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 000C0000
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 000C0FAF
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1048] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 000D0FEF
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1092] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1128] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1136] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 001F00CF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 001F00B4
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76A01C01 1 Byte [E9]
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 001F0105
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 001F0F6F
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 001F0F9E
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 001F0FDB
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 001F0FAF
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 001F0092
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 001F005B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 001F0FC0
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 001F00A3
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 001F0F54
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 001F001B
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 001F0000
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 001F002C
.text C:\Windows\system32\svchost.exe[1136] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 001F00EA
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00200055
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!system 77218B63 5 Bytes JMP 00200044
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00200018
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00200029
.text C:\Windows\system32\svchost.exe[1136] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00200FDE
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 001C0043
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 001C0F97
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 001C0028
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 001C0054
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\svchost.exe[1136] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 001E000A
.text C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1160] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1268] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoW 76A01929 3 Bytes JMP 002C00F4
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoW + 4 76A0192D 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA 76A019C9 3 Bytes JMP 002C0FAF
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetStartupInfoA + 4 76A019CD 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessW 76A01C01 3 Bytes JMP 002C0123
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessW + 4 76A01C05 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA 76A01C36 3 Bytes JMP 002C0F83
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateProcessA + 4 76A01C3A 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtect 76A01DD1 3 Bytes JMP 002C0FC0
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtect + 4 76A01DD5 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW 76A05C44 3 Bytes JMP 002C0047
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeW + 4 76A05C48 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 002C006C
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 002C00B4
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 002C007D
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 002C0FDB
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 002C00D9
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 002C0F72
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 002C0011
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 002C0000
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 002C002C
.text C:\Windows\System32\svchost.exe[1268] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 002C0F9E
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 002D005D
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!system 77218B63 5 Bytes JMP 002D0042
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 002D0FD2
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 002D0000
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 002D0027
.text C:\Windows\System32\svchost.exe[1268] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 002D0FE3
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 000F0F94
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 000F002C
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 000F0000
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 000F0FA5
.text C:\Windows\System32\svchost.exe[1268] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 000F0F83
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 00600058
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 00600FA5
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 0060007D
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 00600FD1
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 00600F94
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 00600F39
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 00600011
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 00600000
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 00600022
.text C:\Windows\system32\svchost.exe[1572] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 00600F65
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00610FE5
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!system 77218B63 5 Bytes JMP 00610070
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 0061003A
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00610055
.text C:\Windows\system32\svchost.exe[1572] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 0061001D
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 005A008A
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 005A0054
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 005A0065
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 005A0FC3
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 005A002F
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 005A0014
.text C:\Windows\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 005A0FDE
.text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1572] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1572] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 005F0FE5
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Users\Barry\Program Files\DNA\btdna.exe[1708] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe[1812] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1820] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1932] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\spoolsv.exe[1932] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1956] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 01860F6B
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 01860F7C
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 01860101
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 018600E6
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 01860092
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 01860FDE
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 01860054
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 01860F9E
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 01860065
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 01860FCD
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 01860F8D
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 01860F50
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 01860FEF
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 01860000
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 01860025
.text C:\Windows\system32\svchost.exe[1956] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 018600CB
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 01970F95
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!system 77218B63 5 Bytes JMP 01970FA6
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 01970FD2
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 01970FEF
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 01970FC1
.text C:\Windows\system32\svchost.exe[1956] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 0197000C
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 01980FB6
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 0198003D
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 01980FE5
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 0198004E
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 01980FA5
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 0198001B
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 01980000
.text C:\Windows\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 0198002C
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1956] WS2_32.dll!socket
  • 0

#6
barryg

    New Member

  • Topic Starter
  • Member
  • 7 posts
Part 2:

.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[2084] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[2104] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[2120] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[2132] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\rundll32.exe[2132] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[2132] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\rundll32.exe[2132] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2196] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2396] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 008C0092
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 008C0077
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 008C0F1E
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 008C00B4
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 008C0026
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 008C0F94
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 008C0000
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 008C0041
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 008C0F68
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 008C0F79
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 008C0052
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 008C00C5
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 008C0FD4
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 008C0FE5
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 008C0FAF
.text C:\Windows\system32\svchost.exe[2396] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 008C00A3
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 00C60F92
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!system 77218B63 5 Bytes JMP 00C60027
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00C60FB7
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00C60FE3
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00C6000C
.text C:\Windows\system32\svchost.exe[2396] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00C60FD2
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 008A0F83
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 008A0025
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 008A000A
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 008A0F9E
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 008A0F68
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 008A0FD4
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 008A0FE5
.text C:\Windows\system32\svchost.exe[2396] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 008A0FB9
.text C:\Windows\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[2396] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[2396] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 008B0000
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2412] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2428] kernel32.dll!CreateThread + 1A 76A446E2 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\O2\bin\sprtsvc.exe[2664] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[3168] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3244] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 000F0F43
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 000F0088
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 000F00AD
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 000F0F17
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 000F0041
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 000F0025
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 000F0F9E
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 000F005C
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 000F0F79
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 000F0FB9
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 000F006D
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 000F00BE
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 000F0014
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 000F0FDE
.text C:\Windows\System32\svchost.exe[3244] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 000F0F28
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 0010002C
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!system 77218B63 5 Bytes JMP 00100FA1
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 00100FCD
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 00100FEF
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 00100FBC
.text C:\Windows\System32\svchost.exe[3244] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 00100FDE
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 00090F9E
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 00090FC0
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 00090000
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 00090FAF
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 00090F8D
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 00090011
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 00090FE5
.text C:\Windows\System32\svchost.exe[3244] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 0009002C
.text C:\Windows\System32\svchost.exe[3244] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\svchost.exe[3244] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[3244] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 004E0FEF
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[3404] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\taskeng.exe[3404] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[3404] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\taskeng.exe[3404] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3476] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!GetStartupInfoW 76A01929 5 Bytes JMP 014C0F79
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!GetStartupInfoA 76A019C9 5 Bytes JMP 014C00BE
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateProcessW 76A01C01 5 Bytes JMP 014C00F4
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateProcessA 76A01C36 5 Bytes JMP 014C00E3
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!VirtualProtect 76A01DD1 5 Bytes JMP 014C0092
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateNamedPipeW 76A05C44 5 Bytes JMP 014C0FCA
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 014C006C
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!LoadLibraryW 76A2361F 5 Bytes JMP 014C0051
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!VirtualProtectEx 76A28D7E 5 Bytes JMP 014C00A3
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!LoadLibraryExA 76A29469 5 Bytes JMP 014C0FAF
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!LoadLibraryA 76A29491 5 Bytes JMP 014C0040
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreatePipe 76A30284 5 Bytes JMP 014C0F8A
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!GetProcAddress 76A4B8B6 5 Bytes JMP 014C0105
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateFileW 76A4CC4E 5 Bytes JMP 014C001B
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateFileA 76A4CF71 5 Bytes JMP 014C000A
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!CreateNamedPipeA 76A9430E 5 Bytes JMP 014C0FE5
.text C:\Windows\system32\svchost.exe[3476] kernel32.dll!WinExec 76A954FF 5 Bytes JMP 014C0F68
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!_wsystem 77218A47 5 Bytes JMP 014D0FB0
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!system 77218B63 5 Bytes JMP 014D0FC1
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!_creat 7721C6F1 5 Bytes JMP 014D001D
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!_open 7721DA7E 5 Bytes JMP 014D0FEF
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!_wcreat 7721DC9E 5 Bytes JMP 014D0FD2
.text C:\Windows\system32\svchost.exe[3476] msvcrt.dll!_wopen 7721DE79 5 Bytes JMP 014D000C
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegCreateKeyExA 75AFB5E7 5 Bytes JMP 014A0F8A
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegCreateKeyA 75AFB8AE 5 Bytes JMP 014A0FC0
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegOpenKeyA 75B00BF5 5 Bytes JMP 014A0000
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegCreateKeyW 75B0B83D 5 Bytes JMP 014A0FAF
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegCreateKeyExW 75B0BCE1 5 Bytes JMP 014A0F79
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegOpenKeyExA 75B0D4E8 5 Bytes JMP 014A0036
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegOpenKeyW 75B13CB0 5 Bytes JMP 014A0025
.text C:\Windows\system32\svchost.exe[3476] ADVAPI32.dll!RegOpenKeyExW 75B1F09D 5 Bytes JMP 014A0FDB
.text C:\Windows\system32\svchost.exe[3476] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\svchost.exe[3476] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[3476] WS2_32.dll!socket 75BB36D1 5 Bytes JMP 014B0000
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[3508] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\SearchIndexer.exe[3508] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\SearchIndexer.exe[3508] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\SearchIndexer.exe[3508] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Spybot\SDWinSec.exe[3720] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot\SDWinSec.exe[3720] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spybot\SDWinSec.exe[3720] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[4088] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\Dwm.exe[4088] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[4088] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\Dwm.exe[4088] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Spybot\TeaTimer.exe[4108] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot\TeaTimer.exe[4108] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Spybot\TeaTimer.exe[4108] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[4280] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\ehome\ehtray.exe[4280] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[4280] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehtray.exe[4280] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4336] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[4404] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\ehome\ehmsas.exe[4404] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[4404] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\ehome\ehmsas.exe[4404] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe[4480] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[4504] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[4560] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] KERNEL32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[4584] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4612] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[4636] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4672] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[4728] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe[4736] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe[4804] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4864] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Windows Mail\WinMail.exe[4992] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Mail\WinMail.exe[4992] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Mail\WinMail.exe[4992] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[5364] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\System32\hkcmd.exe[5364] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\hkcmd.exe[5364] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\System32\hkcmd.exe[5364] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5376] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
  • 0

#7
barryg

    New Member

  • Topic Starter
  • Member
  • 7 posts
Final part:

.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[5400] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe[5472] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[5492] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\system32\igfxsrvc.exe[5492] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\igfxsrvc.exe[5492] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\system32\igfxsrvc.exe[5492] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[5504] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5504] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[5504] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe[5540] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!DbgBreakPoint 77057DFE 1 Byte [90]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe[5636] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[5668] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[5668] kernel32.dll!CreateThread + 1A 76A446E2 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[5668] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[5668] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F040F5A
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Kontiki\KHost.exe[5696] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Kontiki\KHost.exe[5696] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Kontiki\KHost.exe[5696] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Kontiki\KHost.exe[5696] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe[5716] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[5720] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe[5744] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Windows\RtHDVCpl.exe[5752] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Windows\RtHDVCpl.exe[5752] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Windows\RtHDVCpl.exe[5752] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Windows\RtHDVCpl.exe[5752] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Alcatel\SpeedTouch USB\dragdiag.exe[5792] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Windows\WindowsMobile\wmdSync.exe[5800] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Windows\WindowsMobile\wmdSync.exe[5800] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Windows\WindowsMobile\wmdSync.exe[5800] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Windows\WindowsMobile\wmdSync.exe[5800] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Windows\WindowsMobile\wmdSync.exe[5800] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[6080] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[6112] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[6128] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtClose 77067F48 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtClose + 4 77067F4C 2 Bytes [35, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateFile 77068008 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateFile + 4 7706800C 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateKey 77068048 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateKey + 4 7706804C 2 Bytes [05, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateProcess 770680C8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateProcess + 4 770680CC 2 Bytes [29, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateProcessEx 770680D8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateProcessEx + 4 770680DC 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateSection 770680F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateSection + 4 770680FC 2 Bytes [23, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtDeleteKey 770683F8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtDeleteKey + 4 770683FC 2 Bytes [0B, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtDeleteValueKey 77068428 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtDeleteValueKey + 4 7706842C 2 Bytes [11, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtRenameKey 77068CF8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtRenameKey + 4 77068CFC 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtSetInformationFile 77068F18 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtSetInformationFile + 4 77068F1C 2 Bytes [20, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtSetValueKey 77069088 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtSetValueKey + 4 7706908C 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtTerminateProcess 77069128 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtTerminateProcess + 4 7706912C 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteFile 77069278 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteFile + 4 7706927C 2 Bytes [1A, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteFileGather 77069288 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteFileGather + 4 7706928C 2 Bytes [1D, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteVirtualMemory 770692A8 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtWriteVirtualMemory + 4 770692AC 2 Bytes [32, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateUserProcess 77069438 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] ntdll.dll!NtCreateUserProcess + 4 7706943C 2 Bytes [26, 5F]
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] kernel32.dll!LoadLibraryExW 76A230C3 6 Bytes JMP 5F070F5A
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] USER32.dll!SetWindowsHookExW 76AE7B69 6 Bytes JMP 5F3B0F5A
.text C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe[6136] USER32.dll!SetWindowsHookExA 76B0BB0E 6 Bytes JMP 5F370F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Windows\Explorer.EXE[848] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2428] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2428] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044AE68] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5668] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[5668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044ACE0] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, does McAfee detect the trojan anymore?
If so, tell me where it detects it.

#9
barryg

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi - sorry for the delayed reply.

McAfee doesn't find anything when it scans. Does that mean I'm cured?

If so, thanks for your help, I'll be making a donation for sure.

Thanks
Barry

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Yep looks good to me.
Please uninstall this below:
Asktoolbar (or anything that says Ask in it)
=============================
Cleanup:

Please double-click on OTL to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove what tools we used.
===============
Delete\uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that you're all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.