Internet redirect problem



#1
arb505

Hello,
I have the internet redirect problem with Firefox and IE when using Google search. Both programs also periodically close unexpectedly. I followed the guide - but no extras text file appeared with this OTList log. Rooter, when I double-clicked, gave me a blinking cursor but nothing else. I'd appreciate any help you might be able to offer. Thanks very much.


OTListIt logfile created on: 3/24/2009 10:45:55 PM - Run 4
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Amanda\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 51.25% Memory free
3.85 Gb Paging File | 3.02 Gb Available in Paging File | 78.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.72 Gb Total Space | 48.21 Gb Free Space | 43.15% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: Amanda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\WLTRYSVC.EXE ()
PRC - C:\WINDOWS\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
PRC - C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\StacSV.exe (SigmaTel, Inc.)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
PRC - C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
PRC - C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
PRC - C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Skype\Plugin Manager\skypePM.exe (Skype Technologies)
PRC - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe (OldTimer Tools)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AdobeVersionCue [On_Demand | Stopped]) -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe (Adobe Sytems)
SRV - (ASFIPmon [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Automatic LiveUpdate Scheduler [Disabled | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (GoogleDesktopManager-093007-112848 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Lavasoft Ad-Aware Service [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (LMIMaint [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LogMeIn [Auto | Running]) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (sdAuxService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (sdCoreService [On_Demand | Stopped]) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (SecureStorageService [On_Demand | Stopped]) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
SRV - (STacSV [Auto | Running]) -- C:\WINDOWS\system32\StacSV.exe (SigmaTel, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- File not found
SRV - (Symantec Core LC [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (tcsd_win32.exe [Auto | Running]) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\WINDOWS\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (61883 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (Avc [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND [Auto | Running]) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\system32\Drivers\COH_Mon.sys (Symantec Corporation)
DRV - (CO_Mon [Auto | Running]) -- C:\WINDOWS\system32\drivers\CO_Mon.sys (Symantec Corporation)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABMFSM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio)
DRV - (DLADResM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResM.SYS (Roxio)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DLARTL_M [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS (Roxio)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Roxio)
DRV - (DXEC01 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\dxec01.sys (Knowles Acoustics)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (guardian2 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\oz776.sys (O2Micro)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IKFileSec [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ikfilesec.sys (PCTools Research Pty Ltd.)
DRV - (IKSysFlt [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\iksysflt.sys (PCTools Research Pty Ltd.)
DRV - (IKSysSec [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\iksyssec.sys (PCTools Research Pty Ltd.)
DRV - (Lbd [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (LHidFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (Logitech, Inc.)
DRV - (LMIInfo [Auto | Running]) -- C:\Program Files\LogMeIn\x86\RaInfo.sys (LogMeIn, Inc.)
DRV - (lmimirr [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lmimirr.sys (LogMeIn, Inc.)
DRV - (LMIRfsClientNP [Disabled | Stopped]) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver [Auto | Running]) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMouFilt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (Logitech, Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSDV [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090324.023\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090324.023\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (PBADRV [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys (Dell Inc)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SRTSP [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS (Symantec Corporation)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SYMDNS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090318.001\SymIDSco.sys (Symantec Corporation)
DRV - (SymIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SymIMMP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SymIM.sys (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfbd [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosrfbnp [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfnds [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (MBAMSwissArmy [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071017
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071017

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=2071017
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....erify2?&.src=ym
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://login.yahoo....rify2?&.src=ym"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: wbepaste@starfield:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [2007/12/05 12:17:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/23 19:43:28 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/23 19:43:33 | 00,000,000 | ---D | M]

[2008/12/18 11:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions
[2008/12/18 11:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/21 05:35:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4dmavsqx.default\extensions
[2009/01/07 17:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4dmavsqx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/17 23:09:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4dmavsqx.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/03/09 22:05:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Amanda\Application Data\mozilla\Firefox\Profiles\4dmavsqx.default\extensions\[email protected]
[2008/09/27 13:45:18 | 00,001,032 | ---- | M] () -- C:\Documents and Settings\Amanda\Application Data\Mozilla\FireFox\Profiles\4dmavsqx.default\searchplugins\wikipedia-eng.xml
[2009/03/21 05:35:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/08 12:18:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/05 12:48:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2008/04/10 00:25:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/08/31 01:06:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2007/12/05 12:17:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/03/08 12:18:38 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/08 12:18:38 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/06/30 13:44:08 | 00,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll
[2009/02/06 01:15:30 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/06 01:15:30 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/06 01:15:30 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/06 01:15:30 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/06 01:15:30 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/06 01:15:31 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/06 01:15:31 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (303042 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10444 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [\\AMANDA\EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P39 "\\AMANDA\EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200" (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart (Google)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE" (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet ()
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360 Premier Edition\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [\\AMANDA\EPSON Stylus Photo RX595 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICLA.EXE /FU "C:\DOCUME~1\Amanda\LOCALS~1\Temp\E_SBB.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (Skype Technologies S.A.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A89EFD-E023-A000-A22D-45F77558EB4C} http://content10.ili...XCltInstall.dll (ILINCInstall100 Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www2.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://northwestern...ent/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: Web-Based Email Tools http://email.secures...et/Download.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\system32\wxvault.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\system32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{b73aeb1d-84df-11dc-9b97-806d6172696f}\Shell\Rip\Command - "" = C:\Program Files\Windows Media Player\wmplayer.exe -- [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{b8463afd-db0f-11dc-9bfb-001a6be56dc7}\Shell - "" = AutoRun
O33 - MountPoints2\{b8463afd-db0f-11dc-9bfb-001a6be56dc7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8463afd-db0f-11dc-9bfb-001a6be56dc7}\Shell\AutoRun\command - "" = E:\LapNetWizard.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/24 22:11:35 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/24 22:10:43 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/03/24 22:10:26 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/03/24 21:57:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\Malwarebytes
[2009/03/24 21:57:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/24 21:57:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/24 21:57:07 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/24 21:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/03/24 21:57:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/24 21:55:08 | 02,876,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Amanda\Desktop\mbam-setup.exe
[2009/03/24 21:53:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/24 21:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/24 21:46:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Desktop\SysRestorePoint_v13
[2009/03/24 20:12:17 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Amanda\Desktop\HijackThis.lnk
[2009/03/24 20:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/24 20:11:41 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Amanda\Desktop\HJTInstall.exe
[2009/03/23 22:07:31 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/03/23 22:02:04 | 00,092,672 | ---- | C] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Amanda\Desktop\KillBox.exe
[2009/03/23 21:59:54 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/03/23 20:39:25 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/03/23 20:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/03/23 18:12:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/03/23 13:48:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\N360_BACKUP
[2009/03/21 13:21:37 | 00,060,416 | ---- | C] () -- C:\Documents and Settings\Amanda\My Documents\NFP Reconciliation.xls
[2009/03/18 20:04:23 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/18 17:41:34 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/18 17:41:21 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/18 17:32:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/03/18 17:32:41 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/03/18 17:32:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/16 23:02:54 | 00,000,000 | ---D | C] -- C:\btax
[2009/03/16 12:58:25 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/16 12:58:22 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/03/16 12:58:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/16 12:55:24 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/03/03 10:06:56 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Amanda\My Documents\CASAStudentCourseConfirmation[1].doc
[2009/03/03 10:04:35 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Amanda\My Documents\Casa Italiana businesspartnerlist[1].doc
[2009/02/22 22:50:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Amanda\Application Data\BSW

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\Amanda\My Documents\*.tmp files]
[2009/03/24 22:10:47 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Amanda\Desktop\OTListIt2.exe
[2009/03/24 22:10:28 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Rooter.exe
[2009/03/24 21:57:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/24 21:55:08 | 02,876,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Amanda\Desktop\mbam-setup.exe
[2009/03/24 21:44:58 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Amanda\My Documents\SysRestorePoint.exe
[2009/03/24 20:50:06 | 00,052,838 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/03/24 20:12:17 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\HijackThis.lnk
[2009/03/24 20:11:42 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Amanda\Desktop\HJTInstall.exe
[2009/03/24 13:00:04 | 00,000,443 | ---- | M] () -- C:\Documents and Settings\Amanda\Desktop\Sharing on Eliot.lnk
[2009/03/24 12:53:14 | 00,159,449 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/24 12:53:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/24 12:52:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/24 12:52:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/23 22:02:05 | 00,092,672 | ---- | M] (Option^Explicit Software [email protected]) -- C:\Documents and Settings\Amanda\Desktop\KillBox.exe
[2009/03/23 21:19:11 | 00,303,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/23 20:49:07 | 00,303,042 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090323-211911.backup
[2009/03/23 20:11:04 | 00,479,920 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/23 20:11:04 | 00,408,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/23 20:11:04 | 00,064,602 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/23 19:11:50 | 00,000,011 | ---- | M] () -- C:\WINDOWS\OSA.INI
[2009/03/23 17:42:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/23 12:42:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/03/22 15:00:45 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\Amanda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/21 21:48:11 | 00,060,416 | ---- | M] () -- C:\Documents and Settings\Amanda\My Documents\NFP Reconciliation.xls
[2009/03/17 23:46:37 | 06,985,766 | R--- | M] () -- C:\Documents and Settings\Amanda\My Documents\My Money Backup.mbf
[2009/03/16 15:22:54 | 00,137,728 | ---- | M] () -- C:\Documents and Settings\Amanda\My Documents\Reconciliation.xls
[2009/03/12 23:24:10 | 00,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/12 23:19:52 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/12 13:31:01 | 00,082,768 | ---- | M] () -- C:\Documents and Settings\Amanda\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/09 14:06:57 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/03/09 14:06:56 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/03/03 10:06:56 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Amanda\My Documents\CASAStudentCourseConfirmation[1].doc
[2009/03/03 10:04:35 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Amanda\My Documents\Casa Italiana businesspartnerlist[1].doc
[2009/02/25 15:54:59 | 24,768,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#2
sjpritch25

    Malware Expert

  • Member
  • 79 posts
Welcome to G2G!!!! :)


Download GMER Antirootkit and unzip it to a folder that you create such as C:\Gmer\: http://www.gmer.net/gmer.zip

  • Disconnect from the internet and disable all active protection so your security program drivers will not conflict with gmer's driver
  • Double-click Gmer.exe to run the program.
  • When the program opens, click the "Rootkit" Tab
  • On the right-side, check all the items to be scanned, but leave "Show All" unchecked
  • Select all drives that are connected to your system to be scanned
  • Click the Scan button
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard
  • Open Notepad or a similar text editor
  • Paste the clipboard contents into a text file by clicking Edit | Paste or Ctrl+V
  • Save the gmer scan log and post it in your next reply.
  • Close Gmer
  • Open a command prompt (Start | Run | type cmd and hit Enter)
    • Type or paste the following to unload the gmer driver:
    • net stop gmer
    • Hit Enter
    • Exit the command prompt.
  • Re-enable all active protection.


#3
arb505

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello,
Thanks so much for your assistance! Here is the log you requested. The original post was too long, so I split it into two posts. In case it is significant, IE also crashed the first time I tried to post this message. Also, when I used the command prompt to "net stop gmer" I got the following error message:
"System error 1060 has occurred.

The specified service does not exist as an installed service." Perhaps this was what it was supposed to say? GMER log follows...
Thanks again!

GMER 1.0.15.14944 - http://www.gmer.net
Rootkit scan 2009-03-27 06:21:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A56ABA0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB7A23020]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB7A232A0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB7A23800]
SSDT 8A7C8730 ZwOpenSection
SSDT 8A619228 ZwResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB7A23A50]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[160] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\svchost.exe[228] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[288] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[460] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[480] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[808] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Documents and Settings\Amanda\Desktop\GMER\gmer.exe[964] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1032] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\ctfmon.exe[1064] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1116] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 00A26DCE C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 00A272BA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 00A25BBB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 00A2737D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 00A2724D C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00A25AF1 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A273E3 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 00A26C79 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 00A2595F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 00A261DA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 00A265B6 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 00A26AEA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 00A2633F C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 00A26261 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 00A262BB C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00A26035 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 00A266AD C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 00A26A54 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00A259B9 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 00A264E4 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 00A26EA5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 00A26F53 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00A26725 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 00A27202 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00A25C61 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 00A25BDA C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 00A2718A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 00A26BE5 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 00A2644C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 00A269D0 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00A26135 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 00A27001 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 00A26D63 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 00A25E5A C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 00A26E31 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 00A25F4C C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 00A25A83 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 00A27108 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 00A27236 C:\WINDOWS\System32\wxvault.dll
.text C:\WINDOWS\System32\bcmwltry.exe[1148] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 00A271E7 C:\WINDOWS\System32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 009D6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 009D72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 009D5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 009D737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 009D724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 009D5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009D73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 009D6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 009D595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 009D61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 009D65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 009D6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 009D633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 009D6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 009D62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009D6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 009D66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 009D6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 009D59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 009D64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 009D6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 009D6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 009D6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 009D7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 009D5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 009D5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 009D718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 009D6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 009D644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 009D69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 009D6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 009D7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 009D6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 009D5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 009D6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 009D5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 009D5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 009D7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 009D7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe[1156] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 009D71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\RaMaint.exe[1264] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 005F6DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 005F72BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 005F5BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 005F737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 005F724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 005F5AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 005F73E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 005F6C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 005F595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 005F61DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 005F65B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 005F6AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 005F633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 005F6261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 005F62BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 005F6035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 005F66AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 005F6A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 005F59B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 005F64E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 005F6EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 005F6F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 005F6725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 005F7202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 005F5C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 005F5BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 005F718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 005F6BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 005F644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 005F69D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 005F6135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 005F7001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 005F6D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 005F5E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 005F6E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 005F5F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 005F5A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 005F7108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 005F7236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\LogMeIn\x86\LogMeIn.exe[1368] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 005F71E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\spoolsv.exe[1432] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\Explorer.EXE[1484] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe[1688] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\winlogon.exe[1756] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\services.exe[1800] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\lsass.exe[1812] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2012] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\StacSV.exe[2100] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Digital Line Detect\DLG.exe[2268] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!ExitProcess 7C81CAFA 5 Bytes JMP 0504C08B C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] USER32.dll!MessageBoxA 7E4507EA 5 Bytes JMP 0504C035 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2272] USER32.dll!MessageBoxW 7E466534 5 Bytes JMP 0504C060 C:\Program Files\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\WINDOWS\system32\rundll32.exe[2460] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll

#4
arb505

    New Member

  • Topic Starter
  • Member
  • 7 posts
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\rundll32.exe[2460] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\RunDLL32.exe[2468] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[2476] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe[2492] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\SetPoint\SetPoint.exe[2516] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\msdtc.exe[2528] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe[2572] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] KERNEL32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Wave Systems Corp\SecureUpgrade.exe[2592] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 00886DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 008872BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 00885BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 0088737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 0088724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00885AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 008873E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 00886C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 0088595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 008861DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 008865B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 00886AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 0088633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 00886261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 008862BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00886035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 008866AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 00886A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 008859B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 008864E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 00886EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 00886F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00886725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 00887202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00885C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 00885BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 0088718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 00886BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 0088644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 008869D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00886135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 00887001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 00886D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 00885E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 00886E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 00885F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 00885A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 00887108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 00887236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\KADxMain.exe[2644] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 008871E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe[2672] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\svchost.exe[2688] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 00386DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 003872BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 00385BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 0038737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 0038724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 00385AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003873E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 00386C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 0038595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 003861DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 003865B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 00386AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 0038633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 00386261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 003862BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00386035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 003866AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 00386A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 003859B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 003864E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 00386EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 00386F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 00386725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 00387202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 00385C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 00385BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 0038718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 00386BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 0038644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 003869D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 00386135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 00387001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 00386D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 00385E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 00386E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 00385F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 00385A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 00387108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 00387236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe[2720] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 003871E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe[2724] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe[2776] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[2820] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[2824] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[3628] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3720] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[3764] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\dllhost.exe[4016] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe[4488] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] ntdll.dll!NtFlushVirtualMemory 7C90D340 5 Bytes JMP 10006DCE C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] ntdll.dll!NtMapViewOfSection 7C90D500 5 Bytes JMP 100072BA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] ntdll.dll!NtReadFile 7C90D9B0 5 Bytes JMP 10005BBB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] ntdll.dll!NtUnmapViewOfSection 7C90DEF0 5 Bytes JMP 1000737D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] ntdll.dll!NtWriteFile 7C90DF60 5 Bytes JMP 1000724D C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!ReadFile 7C801812 7 Bytes JMP 10005AF1 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100073E3 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CreateFileMappingW 7C809420 5 Bytes JMP 10006C79 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CloseHandle 7C809BD7 5 Bytes JMP 1000595F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetDriveTypeW 7C80B360 5 Bytes JMP 100061DA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetFileAttributesW 7C80B7DC 5 Bytes JMP 100065B6 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!DuplicateHandle 7C80DE8E 7 Bytes JMP 10006AEA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!FindFirstFileExW 7C80EB0D 5 Bytes JMP 1000633F C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!FindClose 7C80EE67 7 Bytes JMP 10006261 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!FindNextFileW 7C80EFCA 7 Bytes JMP 100062BB C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 10006035 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetFileSizeEx 7C810A99 5 Bytes JMP 100066AD C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetFileInformationByHandle 7C810CFD 5 Bytes JMP 10006A54 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 100059B9 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetFileAttributesExW 7C811185 5 Bytes JMP 100064E4 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetLongPathNameW 7C8133E3 5 Bytes JMP 10006EA5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetShortPathNameW 7C81F256 5 Bytes JMP 10006F53 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!MoveFileWithProgressW 7C81F716 5 Bytes JMP 10006725 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!SetFilePointerEx 7C82103F 5 Bytes JMP 10007202 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CopyFileExW 7C827B1A 7 Bytes JMP 10005C61 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!ReadFileEx 7C82BCF3 5 Bytes JMP 10005BDA C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!WriteFileGather 7C82DD9D 7 Bytes JMP 1000718A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!ReadFileScatter 7C82DE49 7 Bytes JMP 10006BE5 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!SetFileAttributesW 7C8314C5 5 Bytes JMP 1000644C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetOverlappedResult 7C8315B4 5 Bytes JMP 100069D0 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!DeleteFileW 7C831F4B 5 Bytes JMP 10006135 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!SetEndOfFile 7C83205E 5 Bytes JMP 10007001 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!FlushViewOfFile 7C835989 5 Bytes JMP 10006D63 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!RemoveDirectoryW 7C836F73 5 Bytes JMP 10005E5A C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!BackupRead 7C8571CA 5 Bytes JMP 10006E31 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CreateDirectoryExW 7C85B4FA 5 Bytes JMP 10005F4C C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!WriteFileEx 7C85D609 5 Bytes JMP 10005A83 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!GetCompressedFileSizeW 7C85E279 5 Bytes JMP 10007108 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] kernel32.dll!CreateHardLinkW 7C86C44C 7 Bytes JMP 10007236 C:\WINDOWS\system32\wxvault.dll
.text C:\WINDOWS\system32\notepad.exe[6104] USER32.dll!ExitWindowsEx 7E45A275 5 Bytes JMP 100071E7 C:\WINDOWS\system32\wxvault.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device ACAB9D20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- EOF - GMER 1.0.15 ----
  • 0

#5
sjpritch25

    Malware Expert

  • Member
  • PipPip
  • 79 posts
Please download GooredFix and save it to your Desktop.
Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt).
Note: Do not run Option #2 yet.
  • 0

#6
arb505

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the Goored log. Thanks!

GooredFix v1.92 by jpshortstuff
Log created at 20:17 on 27/03/2009 running Option #1 (Amanda)
Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3112ca9c-de6d-4884-a869-9855de68056c}"="C:\Documents and Settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}"
  • 0

#7
sjpritch25

    Malware Expert

  • Member
  • PipPip
  • 79 posts
Can you explain the re-directs a little more thoroughly? I need to know exactly what happens. When did you uninstall Dell's Embassy Security Suite Software?
  • 0

#8
arb505

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello,
I tested out the laptop this weekend - the re-directs have stopped! But IE and Firefox are still slow, and IE often will crash/close unexpectedly. I don't remember uninstalling the Dell Embassy Security Software myself. Please let me know if/how to re-install the program, or if there are other things you see causing my system to run so slowly. Thank you very much!
  • 0

#9
sjpritch25

    Malware Expert

  • Member
  • PipPip
  • 79 posts
Well, check and see if Dell Embassy Security Software is installed via Add/Remove Programs. How much memory is installed on this machine, and what kind of CPU is installed? Just right-click on My Computer, click on Properties, click on the General tab; that info will be there. Thanks
  • 0

#10
arb505

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello,
Embassy Trust Suite by Wave Systems is included in the add/remove programs list. Here is the system information:
Dell Latitude D630
Intel Core 2 Duo CPU
T7300 @ 2.00GHz
1.99 GHz, 2.00 GB of RAM

Thanks very much!
  • 0

#11
sjpritch25

    Malware Expert

  • Member
  • PipPip
  • 79 posts
Do you use the Embassy suite software?
  • 0

#12
arb505

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I have never used the Embassy suite. What are the benefits?
  • 0

#13
sjpritch25

    Malware Expert

  • Member
  • PipPip
  • 79 posts
http://www.dell.com/...r...&~tab=topic
  • 0





