Never mind, everything went off without a hitch. There seems to be a whole lot; my sister had my computer for about a year and I just got it back. I really need it to be secure and cleaned, as I am looking at a promotion at work that will allow me to work from home, but I must work from a desktop and it is integral that it be secure. Thank you so much for answering my post, and sorry about the amount of stuff that seems to be here. Here are the logs:
DDS TEXT
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.539 [GMT -5:00]
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ThreatFire\TFService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\KR\Desktop\dds.com
============== Pseudo HJT Report ===============
uWindow Title = Windows Internet Explorer provided by Yahoo!
uStart Page = hxxp://www.comcast.net/
uDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Free Traffic Bar Toolbar: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - c:\program files\free_traffic_bar\tbFree.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: RetailMeNot Toolbar: {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - c:\program files\retailmenot\tbReta.dll
TB: RetailMeNot Toolbar: {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - c:\program files\retailmenot\tbReta.dll
TB: ShopAtHome Toolbar: {98279c38-de4b-4bcf-93c9-8ec26069d6f4} - c:\program files\selectrebates\toolbar\ShopAtHomeToolbar.dll
TB: Free Traffic Bar Toolbar: {0ed0633c-a54d-47f1-94e7-5bded41ae674} - c:\program files\free_traffic_bar\tbFree.dll
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File
TB: {9B393B85-708D-4E61-9529-2FA61D4A4904} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [ThreatFire] c:\program files\threatfire\TFTray.exe
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [CTCheck] c:\program files\creative\creative zen\zen media explorer\CTCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\kimber~1\applic~1\mozilla\firefox\profiles\y4idb8i7.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\yahoo!\shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13
============= SERVICES / DRIVERS ===============
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2008-12-28 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2008-12-28 39200]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-10-4 201320]
R1 Start1Driver;Start1Driver;c:\windows\system32\drivers\Start1Driver.sys [2008-12-26 3584]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;"c:\program files\leapfrog\leapfrog connect\CommandService.exe" [2008-11-25 991232]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-7-2 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-10-4 144704]
R2 Start2Driver;Start2Driver;c:\windows\system32\drivers\Start2Driver.sys [2008-12-26 4096]
R2 ThreatFire;ThreatFire;c:\program files\threatfire\TFService.exe service []
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-10-4 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-10-4 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-10-4 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-10-4 40488]
R3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys [2008-12-28 33056]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-10-4 33832]
S3 scrcap;scrcap;c:\windows\system32\drivers\scrcap.sys []
=============== Created Last 30 ================
2008-12-30 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AppRanger
2008-12-30 16:58 <DIR> -cd----- c:\program files\AppRanger
2008-12-28 23:38 51,488 a------- c:\windows\system32\drivers\TfFsMon.sys
2008-12-28 23:38 39,200 a------- c:\windows\system32\drivers\TfSysMon.sys
2008-12-28 23:38 33,056 a------- c:\windows\system32\drivers\TfNetMon.sys
2008-12-28 23:38 12,576 a------- c:\windows\system32\drivers\TfKbMon.sys
2008-12-28 23:38 <DIR> -cd----- c:\program files\ThreatFire
2008-12-28 23:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2008-12-28 20:49 <DIR> -cd----- c:\program files\EsetOnlineScanner
2008-12-28 19:57 <DIR> -cd----- c:\program files\Trend Micro
2008-12-28 19:35 <DIR> -cd----- c:\program files\SpywareGuard
2008-12-27 23:48 11,658 a------- C:\CTMeasureTiming.ini
2008-12-26 13:51 <DIR> -cd----- c:\docume~1\kimber~1\applic~1\Malwarebytes
2008-12-26 13:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-26 13:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 13:51 <DIR> -cd----- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 13:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 13:42 4,096 a------- c:\windows\system32\drivers\Start2Driver.SYS
2008-12-26 13:42 3,584 a------- c:\windows\system32\drivers\Start1Driver.SYS
2008-12-25 21:32 <DIR> -cd----- c:\docume~1\kimber~1\applic~1\World-LooM
2008-12-25 21:31 <DIR> -cd----- c:\program files\Fix-it-up - Kates Adventure
2008-12-25 20:56 110 a------- c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 20:56 <DIR> --d----- c:\windows\CF055C57A98842E6BDAFE3D94C6973A8.TMP
2008-12-25 20:56 <DIR> -cd----- c:\program files\common files\Wise Installation Wizard
2008-12-25 20:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Leapfrog
2008-12-25 20:53 <DIR> -cd----- c:\program files\LeapFrog
2008-12-25 18:57 53,248 -------- c:\windows\Ctregrun.exe
2008-12-25 18:56 417,792 a------- c:\windows\system32\awrdscdc.ax
2008-12-25 18:56 24,576 -------- c:\windows\system32\msxml3a.dll
2008-12-25 18:55 <DIR> -cd----- c:\program files\Audible
2008-12-25 18:53 25,088 -------- c:\windows\system32\CTSVCCTL.EXE
2008-12-25 18:53 44,032 -------- c:\windows\system32\CTSVCCDA.EXE
2008-12-25 18:53 <DIR> -cd----- c:\program files\common files\Creative
2008-12-25 18:53 <DIR> -cd-h--- c:\program files\Creative Installation Information
2008-12-25 18:53 <DIR> -cd----- c:\program files\Creative
2008-12-25 18:48 2,392 a------- C:\autorun.PNF
2008-12-23 19:23 54,156 a---h--- c:\windows\QTFont.qfn
2008-12-23 19:23 1,409 a------- c:\windows\QTFont.for
2008-12-22 15:06 <DIR> -cd----- c:\program files\LeeGTs Games
2008-12-22 14:12 <DIR> -cd----- c:\program files\videosoft
2008-12-22 13:02 <DIR> -cd----- c:\program files\iWin.com
2008-12-22 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\iWin Games
2008-12-22 10:42 <DIR> -cd----- c:\program files\County Fair
2008-12-18 14:24 371,710 a------- C:\AnalysisLog.sr0
2008-12-15 21:00 <DIR> -cd----- c:\program files\SystemRequirementsLab
2008-12-15 20:18 <DIR> --d----- c:\windows\$regcmp$
2008-12-15 20:04 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll
2008-12-15 20:04 452,440 a------- c:\windows\system32\d3dx10_40.dll
2008-12-15 20:04 4,379,984 a------- c:\windows\system32\D3DX9_40.dll
2008-12-15 20:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-12-15 20:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-12-15 20:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-12-15 20:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-12-15 18:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SimCity Societies
2008-12-15 18:54 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-15 15:53 2,117,632 a------- c:\windows\system32\python25.dll
2008-12-15 15:53 339,968 a------- c:\windows\system32\pythoncom25.dll
2008-12-15 15:53 114,688 a------- c:\windows\system32\pywintypes25.dll
2008-12-15 15:53 1,332,197 a------- c:\windows\system32\pythondll.zip
2008-12-14 23:26 <DIR> -cd----- c:\program files\Pictureka - Museum Mayhem
2008-12-04 20:37 <DIR> --d----- c:\windows\Logs
==================== Find3M ====================
2008-12-15 15:53 348,160 ac------ c:\windows\system32\msvcr71.dll
2008-12-13 01:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-10 20:40 43,324 ac------ c:\docume~1\kimber~1\applic~1\wklnhst.dat
2008-10-24 06:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 07:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 08:11 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 08:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 11:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 02:06 633,632 a--s---- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 02:04 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2008-02-29 15:49 0 ac------ c:\program files\temp01
2007-12-16 20:10 247,520 ac------ c:\docume~1\kimber~1\applic~1\GDIPFONTCACHEV1.DAT
2007-10-30 17:04 32,768 ac------ c:\documents and settings\kr\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
2007-08-31 08:35 110 ac------ c:\docume~1\alluse~1\applic~1\MostFunGameId.bin
2006-09-18 18:45 774,144 ac------ c:\program files\RngInterstitial.dll
2007-02-06 16:09 168 -c-shr-- c:\windows\system32\11B88329DC.sys
2008-03-13 17:13 80 -c-shr-- c:\windows\system32\DC2983B811.dll
2006-12-29 12:06 56 -c-shr-- c:\windows\system32\DC2983B811.sys
2007-02-06 16:09 8,354 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-09-07 15:19 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat
============= FINISH: 12:10:45.20 ===============
ATTACH TEXT
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Version 1.0)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/6/2006 10:32:28 AM
System Uptime: 1/2/2009 11:53:59 AM (1 hours ago)
Motherboard: Dell Computer Corp. | | 0WF887
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2528/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 53 GiB total, 32.741 GiB free.
D: is FIXED (NTFS) - 18 GiB total, 17.785 GiB free.
E: is CDROM (CDFS)
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP468: 11/8/2008 12:35:42 AM - System Checkpoint
RP469: 11/9/2008 1:31:12 AM - System Checkpoint
RP470: 11/10/2008 2:31:09 AM - System Checkpoint
RP471: 11/11/2008 3:31:08 AM - System Checkpoint
RP472: 11/12/2008 4:45:38 AM - System Checkpoint
RP473: 11/13/2008 3:00:22 AM - Software Distribution Service 3.0
RP474: 11/14/2008 3:43:57 AM - System Checkpoint
RP475: 11/15/2008 4:38:56 AM - System Checkpoint
RP476: 11/16/2008 5:38:56 AM - System Checkpoint
RP477: 11/17/2008 6:38:56 AM - System Checkpoint
RP478: 11/18/2008 7:46:39 AM - System Checkpoint
RP479: 11/20/2008 9:52:34 PM - System Checkpoint
RP480: 11/21/2008 9:58:02 PM - System Checkpoint
RP481: 11/22/2008 11:15:33 PM - System Checkpoint
RP482: 11/23/2008 8:45:34 PM - Installed Media Semantics Character Builder
RP483: 11/23/2008 8:51:02 PM - Installed Microsoft Mike+Mary Speech Pack
RP484: 11/24/2008 11:30:24 PM - System Checkpoint
RP485: 11/25/2008 11:58:06 PM - System Checkpoint
RP486: 11/27/2008 12:58:05 AM - System Checkpoint
RP487: 11/28/2008 1:58:02 AM - System Checkpoint
RP488: 11/29/2008 3:26:01 AM - System Checkpoint
RP489: 11/30/2008 3:30:39 AM - System Checkpoint
RP490: 12/1/2008 3:54:00 AM - System Checkpoint
RP491: 12/2/2008 4:53:56 AM - System Checkpoint
RP492: 12/3/2008 5:44:09 AM - System Checkpoint
RP493: 12/4/2008 6:44:08 AM - System Checkpoint
RP494: 12/4/2008 7:48:00 PM - Removed Media Semantics Character Builder
RP495: 12/4/2008 8:38:02 PM - Installed DirectX
RP496: 12/5/2008 9:21:41 PM - System Checkpoint
RP497: 12/7/2008 12:51:20 AM - System Checkpoint
RP498: 12/8/2008 1:44:14 AM - System Checkpoint
RP499: 12/9/2008 2:29:00 AM - System Checkpoint
RP500: 12/10/2008 2:37:59 AM - System Checkpoint
RP501: 12/10/2008 3:00:33 AM - Software Distribution Service 3.0
RP502: 12/11/2008 3:00:18 AM - Software Distribution Service 3.0
RP503: 12/12/2008 3:15:08 AM - System Checkpoint
RP504: 12/13/2008 4:15:11 AM - System Checkpoint
RP505: 12/14/2008 5:15:09 AM - System Checkpoint
RP506: 12/15/2008 6:15:06 AM - System Checkpoint
RP507: 12/15/2008 6:38:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP508: 12/15/2008 6:39:21 PM - Installed SimCity™ Societies
RP509: 12/15/2008 7:52:07 PM - Removed SimCity™ Societies
RP510: 12/15/2008 8:04:31 PM - Installed DirectX
RP511: 12/15/2008 8:10:27 PM - Software Distribution Service 3.0
RP512: 12/15/2008 9:07:56 PM - Installed SimCity™ Societies
RP513: 12/16/2008 9:53:11 PM - System Checkpoint
RP514: 12/17/2008 10:29:44 PM - System Checkpoint
RP515: 12/18/2008 3:00:17 AM - Software Distribution Service 3.0
RP516: 12/19/2008 3:22:21 AM - System Checkpoint
RP517: 12/20/2008 4:22:24 AM - System Checkpoint
RP518: 12/21/2008 5:22:20 AM - System Checkpoint
RP519: 12/21/2008 12:21:35 PM - Removed SimCity™ Societies
RP520: 12/22/2008 2:40:06 PM - System Checkpoint
RP521: 12/22/2008 3:06:09 PM - Installed Miss Popularity
RP522: 12/23/2008 3:26:46 PM - System Checkpoint
RP523: 12/24/2008 4:22:21 PM - System Checkpoint
RP524: 12/25/2008 6:44:58 PM - System Checkpoint
RP525: 12/25/2008 6:53:20 PM - Installed Creative ZEN (DVP-FL0001)
RP526: 12/30/2008 4:58:38 PM - Installed AppRanger
RP527: 12/30/2008 5:13:25 PM - Removed AppRanger
==== Installed Programs ======================
1500
1500_Help
1500Trb
2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Advanced WindowsCare 2.55 Personal
AiO_Scan
AiOSoftware
Apple Software Update
ArcSoft Software Suite
AudibleManager
Banctec Service Agreement
BCL easyPDF Printer Driver 4.3
Big Fish Games Client
BufferChm
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Conexant D850 56K V.9x DFVc Modem
County Fair
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
Creative System Information
Creative ZEN
CueTour
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Resource CD
Dell Support 3.1
Dell System Restore
Desktop Doctor
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Content Portal
Digital Line Detect
DocProc
Documentation & Support Launcher
DocumentViewer
DocumentViewerQFolder
ELIcon
ESET Online Scanner
eSupportQFolder
Fax
Fix-it-up: Kate`s Adventure
Free Registry Defrag
Free_Traffic_Bar Toolbar
FullDPAppQFolder
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
HPProductAssistant
InstantShareDevices
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
LeapFrog Connect
LeapFrog Didj Plugin
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
MarketResearch
McAfee SecurityCenter
MCU
MedRemote WebTop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Standard 2006
Microsoft Digital Image Standard 2006 Editor
Microsoft Digital Image Standard 2006 Library
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Mike+Mary Speech Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
NewCopy
Paint Shop Pro 7 ESD
PanoStandAlone
Photo Toolkit 1.7
PhotoGallery
Pictureka! - Museum Mayhem
ProductContext
QuickTime
RandMap
Readme
RealArcade
RealPlayer
RetailMeNot Toolbar
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB957097)
SkinsHP1
Skype™ 3.8
SolutionCenter
Sonic_PrimoSDK
SoundMAX
Spybot - Search & Destroy
Status
System Requirements Lab
Taskbar Calculator
ThreatFire 4.0
TrayApp
Unload
videosoft
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Movie Maker 2.0
Windows Presentation Foundation
Windows XP Service Pack 3
Word Riot Deluxe
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
XviD MPEG-4 Video Codec
Yahoo! Messenger
ZD Recorder 3.0.1.0
ZENcast Organizer
==== Event Viewer Messages From Past Week ========
12/26/2008 4:31:55 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
12/26/2008 8:25:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
12/26/2008 8:25:00 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2.
12/26/2008 8:25:00 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\MSIInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
12/26/2008 8:25:00 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest. Reference error message: The operation completed successfully. .
12/26/2008 8:25:00 AM, error: SideBySide [58] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2.
12/26/2008 8:25:00 AM, error: SideBySide [61] - Syntax error in manifest or policy file "C:\Program Files\Apple Software Update\Plugins\EXEInstallPlugin.dll.Manifest" on line 2. The required attribute version is missing from element assemblyIdentity.
12/26/2008 12:55:45 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
12/30/2008 1:57:32 PM, error: Dhcp [1002] - The IP address lease 68.83.151.84 for the Network Card with network address 0016765234BC has been denied by the DHCP server 68.87.75.17 (The DHCP Server sent a DHCPNACK message).
==== End Of File ===========================
GMER TEXT
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-02 12:30:08
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF772ADFA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF772AFEA]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF772B08C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF772ACEE]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF772B224]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF772C798]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xECE669AA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xECE66958]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xECE6696C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xECE66AF9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xECE66ADE]
Code 86A5F150 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xECE669EA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xECE66B23]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xECE66930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xECE66944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xECE669BE]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xECE66B5F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xECE66AC8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xECE66AB4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xECE66A6D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xECE66B4B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xECE66B37]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xECE66996]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xECE66982]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xECE66B0D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xECE66A00]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xECE669D4]
Code ED097E99 pIofCallDriver
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.14 ----
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP ECE669D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 5 Bytes JMP ECE66AB8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP ECE669AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP ECE66986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP ECE66B63 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP ECE66AFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP ECE66934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP ECE669C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP ECE66A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP ECE669EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 86A5F154
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC6C 7 Bytes JMP ECE66970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP ECE66948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP ECE66B27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP ECE66AE2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess 805B136A 2 Bytes JMP ECE6695C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateProcess + 4 805B136E 1 Byte [ 6C ]
PAGE ntoskrnl.exe!ZwSetContextThread 8062DCF7 5 Bytes JMP ECE6699A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064DA12 7 Bytes JMP ECE66B11 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E338 7 Bytes JMP ECE66ACC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064E7B6 7 Bytes JMP ECE66A71 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064ECA9 5 Bytes JMP ECE66B3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F112 5 Bytes JMP ECE66B4F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3A, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F690F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F720F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F240F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F210F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F570F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F660F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3F0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F330F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6C0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F600F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F630F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F750F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F420F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F450F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7C, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1B0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F510F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F780F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F480F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F360F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 55, 5F ]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F300F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2D0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F270F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[200] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[300] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\HPZipm12.exe[400] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0FEF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F77
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0062
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0051
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB007D
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0F41
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB0EFF
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB008E
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DB00B3
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DB0F9E
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DB0FD4
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DB0F52
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DB0025
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DB000A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DB0F1A
.text C:\WINDOWS\system32\svchost.exe[628] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D90014
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D9004A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D90FCD
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D90FDE
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D90F97
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D90FEF
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00D90FA8
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ F9, 88 ]
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D9002F
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[628] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[628] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[628] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00DA000A
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[628] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00DA002C
.text C:\WINDOWS\system32\svchost.exe[628] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D70FEF
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\winlogon.exe[656] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\winlogon.exe[656] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 44, 5F ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 32, 5F ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010B0000
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010B0073
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010B0F7E
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010B0F8F
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010B0058
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010B0FC0
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010B0F35
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010B0F46
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010B0EEE
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010B0F09
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010B00A2
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 010B003D
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6C0F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010B0011
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010B0F6D
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010B0FDB
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F370F5A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010B0022
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010B0F1A
.text C:\WINDOWS\system32\services.exe[700] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F690F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010A0047
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010A0091
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010A002C
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010A001B
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010A0080
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010A0000
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 010A0FD4
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 2A, 89 ]
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010A0FE5
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\services.exe[700] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[700] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 4D, 5F ]
.text C:\WINDOWS\system32\services.exe[700] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BB0000
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BB0086
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BB0075
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BB004E
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BB0F91
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BB002C
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BB00C3
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BB00A8
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BB00E5
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BB0F56
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00BB0100
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00BB003D
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00BB0097
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00BB001B
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00BB0FCA
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00BB00D4
.text C:\WINDOWS\system32\lsass.exe[712] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BA0040
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BA000A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BA006C
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BA0FEF
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BA0FCA
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DA, 88 ]
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BA0051
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\lsass.exe[712] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\lsass.exe[712] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\lsass.exe[712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B80000
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\lsass.exe[712] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D60000
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D60F92
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D60087
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D60076
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D60065
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D60036
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D600D0
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D600BF
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D600EB
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D60F5C
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D600FC
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D60FB9
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D60FDB
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D600A2
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D60025
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D60FCA
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D60F6D
.text C:\WINDOWS\system32\svchost.exe[884] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00D40FA8
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00D40F61
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00D40FB9
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00D40FD4
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00D40F72
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00D40FEF
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00D40014
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00D40F8D
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[884] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[884] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[884] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00D50FEF
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00D50FDE
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00D50FC3
.text C:\WINDOWS\system32\svchost.exe[884] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00D5000A
.text C:\WINDOWS\system32\svchost.exe[884] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D00FEF
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E5005E
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50F5F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50F7C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E5002F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50F8D
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E5006F
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F27
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E5009B
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E5008A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00E50EE7
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00E50014
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E50FDE
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00E50F44
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00E50FA8
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00E50FC3
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00E50F0C
.text C:\WINDOWS\system32\svchost.exe[964] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00E30FB2
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00E3002F
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00E30FDE
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00E30F72
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00E30014
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00E30F97
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[964] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[964] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[964] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[964] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00E40022
.text C:\WINDOWS\system32\svchost.exe[964] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FE5
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025C0FEF
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025C0F83
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025C0F94
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025C0062
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025C0FA5
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025C0FB6
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025C0F37
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025C0F52
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025C0EFA
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025C0F0B
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F8A0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 025C00AE
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 025C0047
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F7A0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 025C000A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 025C0089
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 025C002C
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 025C001B
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 025C0F26
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 025A0FDB
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 025A0062
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 025A002C
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 025A001B
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 025A0FA5
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 025A0000
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F810F5A
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 025A0FC0
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 7A, 8A ]
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 025A0047
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 88, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F840F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1064] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1064] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\System32\svchost.exe[1064] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 025B0FE5
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 025B0FCA
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 025B0000
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 025B001B
.text C:\WINDOWS\System32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01730000
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B10F83
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B1006E
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B1005D
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B10F94
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B10FB6
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B10F4B
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B10F5C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B100DA
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B100BF
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00B10F26
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00B10FA5
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B10FE5
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00B10093
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00B1002C
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00B1001B
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00B100AE
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 008A0051
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 008A0FDB
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 008A0036
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 008A0025
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 008A008E
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 008A000A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 008A007D
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 008A0062
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 008B0000
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 008B0FDB
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 008B0011
.text C:\WINDOWS\system32\svchost.exe[1104] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 008B0FCA
.text C:\WINDOWS\system32\svchost.exe[1104] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00880FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C20FEF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C20051
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C20F66
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C20040
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C2002F
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C20F94
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C2006C
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C20F26
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C2008E
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C2007D
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C200A9
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C20F83
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C20FD4
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C20F41
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C20FB9
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C20EFF
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00FA5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C0002C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C00FCA
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00F6F
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C00FE5
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00C00F8A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ E0, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C10FE5
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C10FC0
.text C:\WINDOWS\system32\svchost.exe[1256] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00C10FA5
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E10000
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E100A2
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E10FA3
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E10FB4
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E10FD1
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E1004E
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E10F75
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E10F92
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E100F3
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E10F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 01E10F49
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01E10069
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01E10011
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01E100B3
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01E1003D
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01E1002C
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01E100D8
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01DF0047
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 01DF0FC7
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01DF002C
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01DF001B
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01DF0084
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01DF0000
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 01DF0073
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01DF0058
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01E0000A
.text C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01E00FEF
.text C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01E00025
.text C:\WINDOWS\Explorer.EXE[1472] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01E00FCA
.text C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\Explorer.EXE[1472] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\Explorer.EXE[1472] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02440000
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 50, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 3E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D10055
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D10044
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D10033
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D10F80
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D10022
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D10092
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D10081
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D10F0A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D10F25
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F880F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00D100C8
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00D10F91
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F780F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D10FCA
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00D10066
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00D10011
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00D10000
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00D100AD
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F750F5A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00C00FAF
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00C00F8D
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00C00FD4
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00C00F9E
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00C00FEF
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F7F0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00C00040
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00C00025
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F520F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F490F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 86, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F820F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 59, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F300F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F2A0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F2D0F5A
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00C10000
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00C10011
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00C10022
.text C:\WINDOWS\system32\svchost.exe[1484] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00C10FC7
.text C:\WINDOWS\system32\svchost.exe[1484] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BE0FEF
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[1512] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[2560] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\alg.exe[2680] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2680] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2680] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\alg.exe[2680] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F730F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F760F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F7C0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3076] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F790F5A
.text C:\Program Files\ThreatFire\TFTray.exe[3232] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\MSN Messenger\usnsvc.exe[3292] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F760F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F730F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F790F5A
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F7C0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 4A, 5F ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 38, 5F ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F7C0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F550F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F6D0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F640F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F3A0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F580F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F3D0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F310F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F6A0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F5E0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F5B0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F610F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F730F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F4C0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 7A, 5F ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 53, 5F ]
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] SHELL32.dll!ShellExecuteExW 7CA02F03 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] SHELL32.dll!ShellExecuteEx 7CA40E25 6 Bytes JMP 5F2B0F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] SHELL32.dll!ShellExecuteA 7CA41150 6 Bytes JMP 5F250F5A
.text c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] SHELL32.dll!ShellExecuteW 7CAB5BF0 6 Bytes JMP 5F280F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ntdll.dll!NtLoadDriver 7C90D450 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ntdll.dll!NtLoadDriver + 4 7C90D454 2 Bytes [ 3E, 5F ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ntdll.dll!NtSuspendProcess 7C90DE10 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ntdll.dll!NtSuspendProcess + 4 7C90DE14 2 Bytes [ 2C, 5F ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!LoadResource 7C80A045 6 Bytes JMP 5F700F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, EF, F4 ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!GetProcAddress 7C80AE30 6 Bytes JMP 5F490F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 5F160F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateRemoteThread 7C8104BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateRemoteThread + 4 7C8104C0 2 Bytes [ 05, 5F ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateThread 7C8106C7 6 Bytes JMP 5F610F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 5F580F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!TerminateThread 7C81CB23 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!GetVolumeInformationA 7C821B8D 6 Bytes JMP 5F4C0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!DebugActiveProcess 7C85B02B 6 Bytes JMP 5F310F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!WinExec 7C8623AD 6 Bytes JMP 5F250F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] kernel32.dll!CreateToolhelp32Snapshot 7C865B1F 6 Bytes JMP 5F5E0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F340F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F370F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!ShowWindow 7E42AF56 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [ 6E, 5F ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F430F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F6A0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F3A0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F280F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [ 47, 5F ]
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!RegOpenKeyExA 77DD7842 6 Bytes JMP 5F520F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 6 Bytes JMP 5F4F0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!RegSetValueExA 77DDEAD7 6 Bytes JMP 5F550F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!OpenSCManagerA 77DF697E 6 Bytes JMP 5F670F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC69 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\KR\Desktop\gmer.exe[4540] ADVAPI32.dll!CreateServiceA 77E371E9 6 Bytes JMP 5F400F5A
---- User IAT/EAT - GMER 1.0.14 ----
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 5F180000
IAT c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[184] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 5F140000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[628] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F660000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F570000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F700000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F660000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F570000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F5B0000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F500000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F620000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[700] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\lsass.exe[712] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[884] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[964] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[964] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1104] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1256] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01F72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01F72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01F72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01F72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000
IAT C:\WINDOWS\system32\svchost.exe[1484] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000
IAT C:\Program Files\ThreatFire\TFTray.exe[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThreatFire\TFTray.exe[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThreatFire\TFTray.exe[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\ThreatFire\TFTray.exe[3232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D92F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D92CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D92D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe[3300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D92CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3912] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT c:\PROGRA~1\mcafee\msc\mcuimgr.exe[3932] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\KR\Desktop\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\KR\Desktop\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\KR\Desktop\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\KR\Desktop\gmer.exe[4540] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) ED096000-ED0C1000 (176128 bytes)
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\msqpdxxcbahssi.sys (*** hidden *** ) [SYSTEM] msqpdxserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxrbjykudo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@imagepath \systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxserv \\?\globalroot\systemroot\system32\drivers\msqpdxxcbahssi.sys
Reg HKLM\SYSTEM\ControlSet002\Services\msqpdxserv.sys\modules@msqpdxl \\?\globalroot\systemroot\system32\msqpdxrbjykudo.dll
Reg HKLM\SOFTWARE\Classes\msqpdxvx
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxrun 71
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpff 7963
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxaff 2956
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxinfo ?}gx~yc?~d?gkomcyjloumllqQXTc
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxid rfx?y?|xve?eaddab???i?ko?#WVWQ&$T_*
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxsrv 1745024793
Reg HKLM\SOFTWARE\Classes\msqpdxvx@msqpdxpos 5}~p|z?vwp4biedfbakz
---- EOF - GMER 1.0.14 ----