View Full Version : Weird advertisement



jothunder
2009-10-15, 18:13
Hi to you,
When my father works on his computer around midnight, a sound advertisement starts without any page opening or anything; there's only a voice talking. After that, a blue page appears saying that "an error occurs in Windows", then the computer shuts down. He is also not able to install any Windows updates. By the way, he is running Windows Vista. Finally, I include a HijackThis log in this message.

Thanks in advance
JoThunder

Hijack This :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:59, on 2009-00-15
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FPKOIN2M\hijackthis-2.0.2[1].exe
C:\Users\JEAN-M~1\AppData\Local\Temp\hijackthis-2.0.2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {9818C164-9A79-35C1-936C-9254C7F14D1A} - C:\Windows\system32\pn82175.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Wolfram Toolbar - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\Acer\Empowering Technology\SysMonitor.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"
O4 - HKLM\..\Run: [NVRaidService] "C:\Windows\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [LXBRKsk] "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean-Marie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\Users\JEAN-M~1\AppData\Local\Temp\E_SB58E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.pog.com/games/Real_3D_Pool"
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 14601 bytes

Shaba
2009-10-16, 20:48
Hi jothunder

You are now running HijackThis from temp folder.

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Double-click on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the "Do a system scan and save a logfile" button. It will scan and the log should open in Notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.
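
The check made on the first log above (HijackThis showing up in the process list under a temp folder), as an added example that is not part of the original thread. It also lists the entries the log itself marks "(no file)" or "(file missing)". The sample log is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the HijackThis v2.0.2 log layout (placeholder paths and CLSIDs).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:59, on 2009-00-15
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\Explorer.EXE
C:\Users\EXAMPLE~1\AppData\Local\Temp\hijackthis-2.0.2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [Example] "C:\Program Files\Example\tray.exe" -hide
O23 - Service: Example Guard (EX_SRV) - Unknown owner - C:\Program Files\Example\guard.exe (file missing)
--
End of file - 0 bytes
"""

# Entry lines start with a section code such as R0, O2, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Folder fragments treated as temporary locations (assumption made for this example).
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")


def parse_hjt_log(text):
    """Split a HijackThis log into header lines, running processes and entries."""
    log = {"header": [], "processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "--" or line.startswith("End of file"):
            in_processes = False
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            log["entries"].append({"code": match.group(1), "detail": match.group(2)})
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
        else:
            log["header"].append(line)
    return log


def hjt_run_locations(log):
    """Return (path, is_temp) for each HijackThis executable in the process list."""
    found = []
    for path in log["processes"]:
        exe = path.rsplit("\\", 1)[-1].lower()
        if exe.startswith("hijackthis"):
            lowered = path.lower()
            found.append((path, any(marker in lowered for marker in TEMP_MARKERS)))
    return found


def orphaned_entries(log):
    """Return entries whose target the log itself reports as absent from disk."""
    return [e for e in log["entries"] if e["detail"].endswith(ORPHAN_SUFFIXES)]


if __name__ == "__main__":
    parsed = parse_hjt_log(SAMPLE_LOG)
    for path, is_temp in hjt_run_locations(parsed):
        where = "temp folder, install it to a permanent folder" if is_temp else "ok"
        print(f"HijackThis running from: {path} [{where}]")
    for entry in orphaned_entries(parsed):
        print(f"No file on disk: {entry['code']} - {entry['detail']}")
```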

jothunder
2009-10-18, 23:55
Hi, here's the HJT log :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:52, on 2009-00-18
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {9818C164-9A79-35C1-936C-9254C7F14D1A} - C:\Windows\system32\pn82175.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Wolfram Toolbar - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\Acer\Empowering Technology\SysMonitor.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"
O4 - HKLM\..\Run: [NVRaidService] "C:\Windows\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [LXBRKsk] "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean-Marie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\Users\JEAN-M~1\AppData\Local\Temp\E_SB58E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.pog.com/games/Real_3D_Pool"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 15103 bytes

Thanks,
Jothunder

Shaba
2009-10-19, 06:21
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)

Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).)
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)
Important! Please do not select the "Show all" checkbox during the scan.

jothunder
2009-10-20, 02:16
Hi to you Shaba,

Here's the first part of the gmer file content:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-19 20:08:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\JEAN-M~1\AppData\Local\Temp\kwdcypob.sys

---- Kernel code sections - GMER 1.0.15 ----
? C:\Windows\system32\PavTPK.sys Le fichier spécifié est introuvable. !
? C:\Windows\system32\PavSRK.sys Le fichier spécifié est introuvable. !
? system32\drivers\av5flt.sys Le chemin d'accès spécifié est introuvable. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\QuickTime\QTTask.exe[952] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\nvvsvc.exe[1028] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A

jothunder
2009-10-20, 02:19
Second part:

.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Windows\System32\nvraidservice.exe[1236] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\LEXBCES.EXE[1516] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\LEXPPS.EXE[1556] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Windows\Explorer.EXE[1632] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F8B0F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F970F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB20F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FAC0F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [9E, 5F] {SAHF ; POP EDI}
.text C:\Windows\Explorer.EXE[1632] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B0, 5F] {MOV AL, 0x5f}
.text C:\Windows\Explorer.EXE[1632] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FA90F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F8E0F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F910F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA00F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FA60F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F940F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FB50F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[1632] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [9B, 5F] {WAIT ; POP EDI}
.text C:\Windows\Explorer.EXE[1632] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FB80F5A
.text C:\Windows\Explorer.EXE[1632] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA30F5A
.text C:\Windows\Explorer.EXE[1632] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Windows\Explorer.EXE[1632] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FD90F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FBE0F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FBB0F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD30F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FC40F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FC70F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FCD0F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC10F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FCA0F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD00F5A
.text C:\Windows\Explorer.EXE[1632] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FD60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe[1636] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\rundll32.exe[1880] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1960] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\SYSTEM32\taskeng.exe[1964] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A

jothunder
2009-10-20, 02:21
Third part:

.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe[2108] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A

jothunder
2009-10-20, 02:23
fourth part:

.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe[2696] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Program Files\Lexmark 3100 Series\lxbrksk.exe[2800] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]

jothunder
2009-10-20, 02:25
fifth part:
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[3112] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe[3176] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[3352] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Users\Jean-Marie\Desktop\gmer.exe[3504] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A

jothunder
2009-10-20, 02:27
sixth part:

.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A

jothunder
2009-10-20, 03:00
Next

.text C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe[4052] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Windows\SYSTEM32\taskeng.exe[4100] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4152] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[4544] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] KERNEL32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE[4828] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5F220F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5F070F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!send 76F2659B 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe[4864] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CreateDialogParamW 75DC72A2 5 Bytes JMP 6B72DA08 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!GetAsyncKeyState 75DC863C 5 Bytes JMP 6B6490EF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!SetWindowsHookExW 75DC87AD 5 Bytes JMP 6B7297F5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CallNextHookEx 75DC8E3B 5 Bytes JMP 6B71CE79 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!UnhookWindowsHookEx 75DC98DB 5 Bytes JMP 6B69466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!EnableWindow 75DCCD8B 5 Bytes JMP 6B72D895 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CreateWindowExW 75DD1305 5 Bytes JMP 6B72D67C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!GetKeyState 75DD8CB1 5 Bytes JMP 6B72CE43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!IsDialogMessageW 75DE0745 5 Bytes JMP 6B655947 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CreateDialogParamA 75DE17AA 5 Bytes JMP 6B824DFB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!IsDialogMessage 75DE1847 5 Bytes JMP 6B824697 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CreateDialogIndirectParamA 75DE26F1 5 Bytes JMP 6B824E32 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!CreateDialogIndirectParamW 75DE9A62 5 Bytes JMP 6B824E69 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!SetKeyboardState 75DF0987 5 Bytes JMP 6B824A06 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!DialogBoxParamW 75DF10B0 5 Bytes JMP 6B655435 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!DialogBoxIndirectParamW 75DF2EF5 5 Bytes JMP 6B82418F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!SendInput 75DF2F75 5 Bytes JMP 6B8255C3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!EndDialog 75DF326E 5 Bytes JMP 6B657DEE C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!SetCursorPos 75E06FB2 5 Bytes JMP 6B825617 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!DialogBoxParamA 75E08152 5 Bytes JMP 6B82412C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!DialogBoxIndirectParamA 75E0847D 5 Bytes JMP 6B8241F2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!MessageBoxIndirectA 75E1D4D9 5 Bytes JMP 6B8240C1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!MessageBoxIndirectW 75E1D5D3 5 Bytes JMP 6B824056 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!MessageBoxExA 75E1D639 5 Bytes JMP 6B823FF4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!MessageBoxExW 75E1D65D 5 Bytes JMP 6B823F92 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] USER32.dll!keybd_event 75E1D972 5 Bytes JMP 6B825947 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] SHELL32.dll!SHRestricted + D95 75FF8988 4 Bytes [4D, 30, 0A, 6E] {DEC EBP; XOR [EDX], CL; OUTSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] SHELL32.dll!SHRestricted + D9D 75FF8990 8 Bytes [57, 2F, 0A, 6E, 9C, 5B, 09, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ole32.dll!OleLoadFromStream 758D1E12 5 Bytes JMP 6B8244F7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ole32.dll!CoCreateInstance 75909EA6 5 Bytes JMP 6B72D6D8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!closesocket 76F2330C 6 Bytes JMP 6D5FEEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!recv 76F2343A 6 Bytes JMP 6D5FF1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!socket 76F236D1 5 Bytes JMP 6D5FE59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!connect 76F240D9 6 Bytes JMP 6D5FE62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!getaddrinfo 76F2418A 5 Bytes JMP 6D5FE71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!WSASend 76F24496 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!send 76F2659B 6 Bytes JMP 6D5FE9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!sendto 76F267C5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!WSARecv 76F28400 6 Bytes JMP 5F160F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5F130F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5F190F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5100] ws2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!closesocket 76F2330C 6 Bytes JMP 5FDF0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!recv 76F2343A 6 Bytes JMP 5FC40F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!connect 76F240D9 6 Bytes JMP 5FC10F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!WSASend 76F24496 6 Bytes JMP 5FD90F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!send 76F2659B 6 Bytes JMP 5FCA0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!sendto 76F267C5 6 Bytes JMP 5FCD0F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!WSARecv 76F28400 6 Bytes JMP 5FD30F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!recvfrom 76F28E15 6 Bytes JMP 5FC70F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!WSAConnect 76F2D7B0 6 Bytes JMP 5FD00F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!WSARecvFrom 76F38B38 6 Bytes JMP 5FD60F5A
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[5120] WS2_32.dll!WSASendTo 76F3A474 6 Bytes JMP 5FDC0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetContextThread 77205224 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetContextThread + 4 77205228 2 Bytes [80, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetInformationFile 772052E4 3 Bytes [FF, 25, 1E]

jothunder
2009-10-20, 03:02
Next:

.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetInformationFile + 4 772052E8 2 Bytes [77, 5F] {JA 0x61}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetValueKey 77205454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtSetValueKey + 4 77205458 2 Bytes [65, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtUnloadKey 77205584 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtUnloadKey + 4 77205588 2 Bytes [68, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtWriteFile 77205644 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtWriteFile + 4 77205648 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtWriteVirtualMemory 77205674 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ntdll.dll!NtWriteVirtualMemory + 4 77205678 2 Bytes [7D, 5F] {JGE 0x61}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!TerminateProcess 75A018EF 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!CopyFileExW 75A10211 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!MoveFileWithProgressW 75A210A4 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!CreateFileMappingW 75A210E8 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!CreateFileMappingA 75A222BE 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!MapViewOfFile 75A468F0 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!MapViewOfFileEx 75A4A881 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!CreateRemoteThread 75A4C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] kernel32.dll!CreateRemoteThread + 4 75A4C939 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!SetWindowsHookExA 75DC6322 6 Bytes JMP 5F910F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!GetAsyncKeyState 75DC863C 6 Bytes JMP 5F9D0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!SetWindowsHookExW 75DC87AD 6 Bytes JMP 5FB80F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!SetWinEventHook 75DC9F3A 6 Bytes JMP 5FB20F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!GetKeyboardState 75DCBD7D 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!GetKeyboardState + 4 75DCBD81 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!CreateAcceleratorTableW 75DCD077 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!CreateAcceleratorTableW + 4 75DCD07B 2 Bytes [B6, 5F] {MOV DH, 0x5f}
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!PostMessageA 75DCF8F8 6 Bytes JMP 5FAF0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!BeginDeferWindowPos 75DD4631 6 Bytes JMP 5F940F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!DispatchMessageA 75DD8B6D 6 Bytes JMP 5F970F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!GetKeyState 75DD8CB1 6 Bytes JMP 5FA60F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!PostMessageW 75DDA175 6 Bytes JMP 5FAC0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!TranslateMessage 75DE01AD 6 Bytes JMP 5F9A0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!DispatchMessageW 75DE021C 6 Bytes JMP 5FBB0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!AttachThreadInput 75DF23F5 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!AttachThreadInput + 4 75DF23F9 2 Bytes [A1, 5F]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!SetClipboardData 75E06410 6 Bytes JMP 5FBE0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] USER32.dll!DdeConnect 75E09A1F 6 Bytes JMP 5FA90F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!StartServiceA 76D1A24D 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!OpenServiceA 76D32EBD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!StartServiceW 76D33E0B 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!CloseServiceHandle 76D382A5 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!OpenServiceW 76D38354 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!CreateServiceW 76D59EB4 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!ControlService 76D59FB8 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!DeleteService 76D5A07E 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!LsaAddAccountRights 76D7B4D9 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!LsaRemoveAccountRights 76D7B569 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!ChangeServiceConfigA 76D96DD9 6 Bytes JMP 5F040F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!ChangeServiceConfigW 76D96F81 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!ChangeServiceConfig2A 76D97099 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!ChangeServiceConfig2W 76D971E1 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ADVAPI32.dll!CreateServiceA 76D972A1 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ole32.dll!CoGetClassObject 758EFABC 6 Bytes JMP 5F8B0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ole32.dll!CLSIDFromProgIDEx 758F0E12 6 Bytes JMP 5F850F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ole32.dll!CoCreateInstanceEx 75909EE9 6 Bytes JMP 5F8E0F5A
.text C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe[5160] ole32.dll!CLSIDFromProgID 7590DB0F 6 Bytes JMP 5F880F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtClose 77204314 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtClose + 4 77204318 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtCreateFile 772043D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtCreateFile + 4 772043D8 2 Bytes [6B, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtCreateKey 77204414 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtCreateKey + 4 77204418 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteFile 772047B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteFile + 4 772047B8 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteKey 772047C4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteKey + 4 772047C8 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteValueKey 772047F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDeleteValueKey + 4 772047F8 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDuplicateObject 77204824 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtDuplicateObject + 4 77204828 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtEnumerateKey 77204864 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtEnumerateKey + 4 77204868 2 Bytes [59, 5F] {POP ECX; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtEnumerateValueKey 77204894 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtEnumerateValueKey + 4 77204898 2 Bytes [5C, 5F] {POP ESP; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtLoadDriver 77204A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtLoadDriver + 4 77204A68 2 Bytes [83, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtOpenFile 77204BB4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtOpenFile + 4 77204BB8 2 Bytes [71, 5F] {JNO 0x61}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtQueryMultipleValueKey 77204EC4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtQueryMultipleValueKey + 4 77204EC8 2 Bytes [5F, 5F] {POP EDI; POP EDI}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtQueryValueKey 77204FD4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtQueryValueKey + 4 77204FD8 2 Bytes [62, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtReadFile 77205034 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe[5248] ntdll.dll!NtReadFile + 4 77205038 2 Bytes [74, 5F] {JZ 0x61}

jothunder
2009-10-20, 03:03
Next:


---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73D67817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DBA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73D6BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73D5F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73D675E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73D5E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D98395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73D6DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73D5FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73D5FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73D571CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73DECAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73D8C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73D5D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73D56853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73D5687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73D62AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [10002300] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread] [10001B30] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10002690] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Windows\Explorer.EXE[1632] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001290] C:\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Acer eDataSecurity Management PSD DragDrop Protection/Egis Incorporated)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6E08E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6E090994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6E08A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E091D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6E092999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E08DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E08D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E09FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6E0A051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6E09EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6E09F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6E09EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6E09E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6E09ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6E08E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6E092CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6E092926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6E092999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6E08BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6E09173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6E08BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6E090F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6E0914E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6E08ED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6E08BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E091D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E08C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E09103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E090994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E091614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E090921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6E08A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6E08A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E08E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E090C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E08DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E08D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E08D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E08C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E092999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E08BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E08BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E08E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E092CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E092926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E0923A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E08BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E08FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E08F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E09ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E09E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E09EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E09F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E09E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E09E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E09EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E0A020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E09F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E09EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E09FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E09F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

jothunder
2009-10-20, 03:26
next:

IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E091D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6E08C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6E09103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6E090994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6E091614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6E090921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6E08A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6E08A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6E08E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6E090C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E08DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E08D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6E08D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6E08C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6E092999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6E08BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6E08BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6E08E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6E092CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6E092926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6E0923A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6E08BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6E08FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6E08F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6E09ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6E09E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6E09EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6E09F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6E09E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6E09E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6E09EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6E0A020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6E09F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6E09EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6E09FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6E09F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6E0A051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6E09FF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6E0A0085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6E0A0395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6E09FDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6E09F677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6E08CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6E092999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6E090C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6E08D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6E08D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6E08DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6E08EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6E091D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6E08E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6E08CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6E08A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6E090994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6E08C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6E08BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6E08CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6E08D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6E091614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6E09103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6E08C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6E08BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6E0909B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6E08C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6E08C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6E08C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6E08F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6E08FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6E08F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E0965DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6E09620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6E097595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6E0960AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6E09615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6E0975E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6E096533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6E09799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6E09684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6E096E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6E096AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6E096B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6E097281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6E096716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6E0971ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6E097021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6E097FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6E097159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6E0968E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6E096BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6E096803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6E096F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6E0963A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6E0980BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6E098513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6E098176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6E097BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6E098235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6E09697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6E096DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6E096D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6E09731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6E096EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6E096C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6E096AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6E0978EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6E0963F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6E0976D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6E098732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6E09777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6E097831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

jothunder
2009-10-20, 03:33
Final topic:

IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6E09667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6E097636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6E08BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6E093ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6E093035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6E09007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6E091AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6E08A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6E08EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6E08C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6E08C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6E08E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6E08FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6E08BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6E08FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6E098235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6E0981D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6E0972CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6E0975E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6E0976D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6E0965DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6E09788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6E0986D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6E0978EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6E098732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6E096533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\ws2_32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5100] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6E0882F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\tdx \Device\Tcp NETFLTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp NETFLTDI.SYS

---- Files - GMER 1.0.15 ----

File C:\Users\Jean-Marie\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{32AF3113-BD0A-11DE-9080-001D92A5CE67}.dat 4608 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJ99HEW7\bullet[1] 3169 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJ99HEW7\ErrorPageTemplate[1] 2168 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\IJ99HEW7\favcenter[1] 3366 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N06OMTWK\down[1] 3414 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N06OMTWK\info_48[1] 6993 bytes
File C:\Users\Jean-Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N06OMTWK\offcancl[1] 6149 bytes

---- EOF - GMER 1.0.15 ----
hope you had a good reading :clown:

and hope it was helpful

Shaba
2009-10-20, 05:34
Nothing special there.

Does that advertisement take place in IE or also in other browsers?

jothunder
2009-10-20, 17:09
The advertisement takes place in IE, and sometimes, without any reason, a blue screen talking about an error appears and then the computer shuts down.

And since my first topic, there are 4 Windows Updates that don't want to install. The weirdest thing is that yesterday there was a new update for Windows Vista; this installed itself without problems, but the four others are still there and they are not installed.

Shaba
2009-10-20, 17:49
So it might be an IE glitch. Have you tried using other browsers to test if it occurs there as well?

jothunder
2009-10-22, 00:56
We are trying some now, we will try Google Chrome and Firefox.

Does it make sense to you??

jothunder
2009-10-22, 01:10
Or are there any other things that I can do to help you find the problem??

Shaba
2009-10-22, 07:43
Yes those would be good to try :)

jothunder
2009-10-23, 22:10
After our tries, it seems that the problem is only in Internet Explorer. Firefox and Google Chrome run well and there is no sound coming from anywhere!

So that's where we are. I hope that you have an idea, because I don't know what to do. :confused:

Shaba
2009-10-24, 11:11
OK, that was expected :)

IE isn't as secure as those browsers, so it might be the explanation.

On which website(s) does the sound come when using IE?

jothunder
2009-10-26, 00:03
There is no specific website where the sound appears.
It may happen when we open IE, so we are on Google, and it can appear at other times when we are on Shockwave games, for example.

Shaba
2009-10-26, 06:27
So it shows that those are IE specific ads.

Easiest solution would be switching it to Firefox/Chrome/Opera.

If you don't want to do that, you might want to give ie7pro (http://www.ie7pro.com) a try :)

jothunder
2009-10-27, 01:16
OK, thanks for your advice, but my father still has five Windows Updates that don't want to install... :confused: I am sending you a new HijackThis log just to make sure that I've done it right.

I've put something in bold in the text about WormRadar. I don't know if I should consider it suspect; well, you know that better than me :D:!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:28, on 2009-00-26
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 3100 Series\lxbrksk.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files\CrossLoop\CrossLoopConnect.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\CrossLoop\winvnc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: D - {9818C164-9A79-35C1-936C-9254C7F14D1A} - C:\Windows\system32\pn82175.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Barre d'outils - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Wolfram Toolbar - {9E709AEF-74F7-4DA3-A7FC-F3E2D5A8D793} - C:\Program Files\Wolfram Research\WolframToolbar\1.0\WolframBands32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\Acer\Empowering Technology\SysMonitor.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe"
O4 - HKLM\..\Run: [NVRaidService] "C:\Windows\system32\nvraidservice.exe"
O4 - HKLM\..\Run: [LXBRKsk] "C:\PROGRA~1\LEXMAR~1\LXBRKsk.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Jean-Marie\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\Users\JEAN-M~1\AppData\Local\Temp\E_SB58E.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; eSobiSubscriber 2.0.4.16; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729)" -"http://www.pog.com/games/Real_3D_Pool"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - http://acs.pandasoftware.com/betaactivescan/cabs/as2stubie.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/webgames/popcaploader_v10_fr.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 15362 bytes

Thanks for your help and your precious time.:D:

Shaba
2009-10-27, 06:35
That is AVG leftover, you can fix it.

As for updates, which specific ones are they?

jothunder
2009-10-28, 03:05
Here are the updates, but excuse me if these are not the right terms, because I'm translating French to English.


#1. Security update for Microsoft Works 8 (KB973636)
#2. Security update for Microsoft Office Visio 2007 viewer (KB973709)
#3. Security update for Microsoft Office System 2007 (KB972581)
#4. Security update for Microsoft Office System 2007 (KB974234)
#5. Visio 2007 viewer Service Pack 2 (SP2)

Thanks to you

Shaba
2009-10-28, 06:12
OK, so most of those are related to Office.

Have you tried uninstalling/reinstalling Office to see if they install after that?

Shaba
2009-11-07, 10:41
Due to the lack of feedback this Topic is closed.

If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

Everyone else please begin a New Topic.