GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-20 16:55:17
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 SAMSUNG_SP1203N rev.TL100-24
Running: gmer.exe; Driver: C:\DOCUME~1\PAVEL-~1\LOCALS~1\Temp\uxrcqpoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwAddBootEntry [0xA821C202]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ZwAllocateVirtualMemory [0xA8282CB2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwClose [0xA82406C1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateEvent [0xA821E81C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateEventPair [0xA821E874]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwCreateFile [0xA84D5868]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateIoCompletion [0xA821E98A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateKey [0xA8240075]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateMutant [0xA821E772]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwCreateProcess [0xA84D4E90]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwCreateProcessEx [0xA84D4D9C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateSection [0xA821E8C4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateSemaphore [0xA821E7C6]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwCreateThread [0xA84D53FC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwCreateTimer [0xA821E938]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwDeleteBootEntry [0xA821C226]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwDeleteFile [0xA84D6210]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwDeleteKey [0xA8240D87]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwDeleteValueKey [0xA824103D]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwDuplicateObject [0xA821EC0E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwEnumerateKey [0xA8240BF2]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwEnumerateValueKey [0xA8240A5D]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ZwFreeVirtualMemory [0xA8282D62]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwLoadDriver [0xA821BFF0]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.)                                        ZwMapViewOfSection [0xA9CA3168]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwModifyBootEntry [0xA821C24A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwNotifyChangeKey [0xA821ED82]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwNotifyChangeMultipleKeys [0xA821CCDA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenEvent [0xA821E84C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenEventPair [0xA821E89C]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwOpenFile [0xA84D5B54]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenIoCompletion [0xA821E9B4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenKey [0xA82403D1]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenMutant [0xA821E79E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenProcess [0xA821EA46]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenSection [0xA821E904]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenSemaphore [0xA821E7F4]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenThread [0xA821EB2A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwOpenTimer [0xA821E962]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ZwProtectVirtualMemory [0xA8282DFA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwQueryKey [0xA82408D8]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwQueryObject [0xA821CBA0]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwQueryValueKey [0xA824072A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ZwRenameKey [0xA828BE48]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwRestoreKey [0xA823F6E8]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwResumeThread [0xA84D54EC]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSetBootEntryOrder [0xA821C26E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSetBootOptions [0xA821C292]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwSetInformationFile [0xA84D5E8C]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSetSystemInformation [0xA821C04A]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSetSystemPowerState [0xA821C186]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSetValueKey [0xA8240E8E]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwShutdownSystem [0xA821C162]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwSystemDebugControl [0xA821C1AA]
SSDT            \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)                                                                              ZwVdmControl [0xA821C2B6]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                                                    ZwWriteFile [0xA84D5DE0]

Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ObInsertObject
Code            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)                                                                              ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + 102                                                                                                                                804E495C 16 Bytes  [1C, E8, 21, A8, 74, E8, 21, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 13E                                                                                                                                804E4998 8 Bytes  [C4, E8, 21, A8, C6, E7, 21, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 16A                                                                                                                                804E49C4 12 Bytes  [26, C2, 21, A8, 10, 62, 4D, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 23E                                                                                                                                804E4A98 16 Bytes  [4C, E8, 21, A8, 9C, E8, 21, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 25E                                                                                                                                804E4AB8 4 Bytes  JMP 84ECA821 
.text           ...                                                                                                                                                                
PAGE            ntoskrnl.exe!ObInsertObject                                                                                                                                        8056DA64 5 Bytes  JMP A8295D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE            ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC                                                                                                                        805766FB 4 Bytes  CALL A821D335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE            ntoskrnl.exe!ObMakeTemporaryObject                                                                                                                                 805AD1E0 5 Bytes  JMP A82942BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text           Ntfs.sys                                                                                                                                                           F75FFB4D 5 Bytes  JMP 82D4E76C 
.text           Ntfs.sys                                                                                                                                                           F7600F31 5 Bytes  JMP 82D4E40C 
.text           Ntfs.sys                                                                                                                                                           F7601ABD 5 Bytes  JMP 82D4E2DC 
PAGE            Ntfs.sys                                                                                                                                                           F761ED59 5 Bytes  JMP 82D4E52C 
PAGE            Ntfs.sys                                                                                                                                                           F7623183 5 Bytes  JMP 82D4E64C 
PAGE            ...                                                                                                                                                                
init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                                                                                           entry point in "init" section [0xF65AF900]
?               C:\WINDOWS\System32\Drivers\Npfs.SYS                                                                                                                               suspicious PE modification
.text           win32k.sys!EngFreeUserMem + 674                                                                                                                                    BF809922 5 Bytes  JMP A821FCCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSurface + 45                                                                                                                                   BF813911 5 Bytes  JMP A821FBDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngSetLastError + 783B                                                                                                                                  BF824157 5 Bytes  JMP A821EF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateBitmap + F9C                                                                                                                                   BF828CE9 5 Bytes  JMP A821FE38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + 2C50                                                                                                                               BF8316DA 5 Bytes  JMP A8220040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnmapFontFileFD + B8F2                                                                                                                               BF83A37C 5 Bytes  JMP A821FB4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCopyBits + 5F35                                                                                                                                      BF857E69 5 Bytes  JMP A821EFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 348C                                                                                                                                  BF866FF4 5 Bytes  JMP A821F1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3517                                                                                                                                  BF86707F 5 Bytes  JMP A821F352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + 3F47                                                                                                                                  BF867AAF 5 Bytes  JMP A821EE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!XLATEOBJ_iXlate + AAFC                                                                                                                                  BF86E664 5 Bytes  JMP A821FC04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngUnicodeToMultiByteN + 2ED7                                                                                                                           BF871F85 5 Bytes  JMP A821FF9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngGetCurrentCodePage + 411E                                                                                                                            BF88C9D8 5 Bytes  JMP A821F32A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngTextOut + 4149                                                                                                                                       BF8B0CBE 5 Bytes  JMP A821EE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreatePalette + 2DBF                                                                                                                                 BF8C26A3 5 Bytes  JMP A821FD80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngStretchBltROP + 450                                                                                                                                  BF8C3048 5 Bytes  JMP A821F06A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1517                                                                                                                                      BF8CB4AA 5 Bytes  JMP A821F0DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngFillPath + 1797                                                                                                                                      BF8CB72A 5 Bytes  JMP A821F114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngDeleteSemaphore + 3B3E                                                                                                                               BF8ED1B7 5 Bytes  JMP A821EDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 19B2                                                                                                                                    BF913F1F 5 Bytes  JMP A821EF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 2586                                                                                                                                    BF914AF3 5 Bytes  JMP A821F034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4EE5                                                                                                                                    BF917452 3 Bytes  JMP A821F46C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text           win32k.sys!EngCreateClip + 4EE9                                                                                                                                    BF917456 1 Byte  [E8]
.text           win32k.sys!EngPlgBlt + 1924                                                                                                                                        BF945FB0 5 Bytes  JMP A821FEF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
?               C:\DOCUME~1\PAVEL-~1\LOCALS~1\Temp\mbr.sys                                                                                                                         Systm neme nalzt uveden soubor. !

---- User code sections - GMER 1.0.15 ----

.text           C:\WINDOWS\System32\svchost.exe[256] ntdll.dll!LdrLoadDll                                                                                                          7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\System32\svchost.exe[256] ntdll.dll!RtlDosSearchPath_U + 186                                                                                            7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[256] ntdll.dll!LdrUnloadDll                                                                                                        7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtectEx                                                                                                 7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualProtect                                                                                                   7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!WriteProcessMemory                                                                                               7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateProcessW                                                                                                   7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateProcessA                                                                                                   7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualAlloc                                                                                                     7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!VirtualAllocEx                                                                                                   7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateRemoteThread                                                                                               7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateThread                                                                                                     7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateProcessInternalW                                                                                           7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!CreateProcessInternalA                                                                                           7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!WinExec                                                                                                          7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!SetThreadContext                                                                                                 7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\svchost.exe[256] kernel32.dll!GetBinaryTypeW + 80                                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!SetServiceObjectSecurity                                                                                         77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfigA                                                                                             77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfigW                                                                                             77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfig2A                                                                                            77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!ChangeServiceConfig2W                                                                                            77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!CreateServiceA                                                                                                   77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!CreateServiceW                                                                                                   77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\System32\svchost.exe[256] ADVAPI32.dll!DeleteService                                                                                                    77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\System32\svchost.exe[256] USER32.dll!SetWindowsHookExW                                                                                                  7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\System32\svchost.exe[256] USER32.dll!UnhookWindowsHookEx                                                                                                7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\System32\svchost.exe[256] USER32.dll!SetWindowsHookExA                                                                                                  7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\System32\svchost.exe[256] USER32.dll!SetWinEventHook                                                                                                    7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\System32\svchost.exe[256] USER32.dll!UnhookWinEvent                                                                                                     7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!socket                                                                                                             71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!bind                                                                                                               71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\System32\svchost.exe[256] WS2_32.dll!connect                                                                                                            71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenW                                                                                                     771AAF55 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetConnectA                                                                                                  771B346A 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenA                                                                                                     771B57A6 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenUrlA                                                                                                  771B5A72 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetConnectW                                                                                                  771BEE50 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\System32\svchost.exe[256] WININET.dll!InternetOpenUrlW                                                                                                  771C5BC2 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\system32\svchost.exe[360] ntdll.dll!LdrLoadDll                                                                                                          7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[360] ntdll.dll!RtlDosSearchPath_U + 186                                                                                            7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[360] ntdll.dll!LdrUnloadDll                                                                                                        7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!VirtualProtectEx                                                                                                 7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!VirtualProtect                                                                                                   7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!WriteProcessMemory                                                                                               7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateProcessW                                                                                                   7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateProcessA                                                                                                   7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!VirtualAlloc                                                                                                     7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!VirtualAllocEx                                                                                                   7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateRemoteThread                                                                                               7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateThread                                                                                                     7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateProcessInternalW                                                                                           7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!CreateProcessInternalA                                                                                           7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!WinExec                                                                                                          7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!SetThreadContext                                                                                                 7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[360] kernel32.dll!GetBinaryTypeW + 80                                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!SetServiceObjectSecurity                                                                                         77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigA                                                                                             77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfigW                                                                                             77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2A                                                                                            77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!ChangeServiceConfig2W                                                                                            77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceA                                                                                                   77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!CreateServiceW                                                                                                   77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[360] ADVAPI32.dll!DeleteService                                                                                                    77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SetWindowsHookExW                                                                                                  7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[360] USER32.dll!UnhookWindowsHookEx                                                                                                7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SetWindowsHookExA                                                                                                  7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[360] USER32.dll!SetWinEventHook                                                                                                    7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[360] USER32.dll!UnhookWinEvent                                                                                                     7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] ntdll.dll!RtlDosSearchPath_U + 186                                                                         7C916865 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!VirtualProtectEx                                                                              7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!VirtualProtect                                                                                7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!WriteProcessMemory                                                                            7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateProcessW                                                                                7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateProcessA                                                                                7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!VirtualAlloc                                                                                  7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!VirtualAllocEx                                                                                7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateRemoteThread                                                                            7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateThread                                                                                  7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateProcessInternalW                                                                        7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!CreateProcessInternalA                                                                        7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!WinExec                                                                                       7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!SetThreadContext                                                                              7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] kernel32.dll!GetBinaryTypeW + 80                                                                           7C868D8C 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WS2_32.dll!socket                                                                                          71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WS2_32.dll!bind                                                                                            71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WS2_32.dll!connect                                                                                         71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] USER32.dll!SetWindowsHookExW                                                                               7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] USER32.dll!SetWindowPos                                                                                    7E3799F3 5 Bytes  JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] USER32.dll!DrawIconEx                                                                                      7E37CB84 5 Bytes  JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] USER32.dll!GetIconInfo                                                                                     7E37D427 5 Bytes  JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] USER32.dll!SetWindowsHookExA                                                                               7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetOpenW                                                                                  771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetConnectA                                                                               771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetOpenA                                                                                  771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetOpenUrlA                                                                               771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetConnectW                                                                               771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Alwil Software\Avast5\avastUI.exe[540] WININET.dll!InternetOpenUrlW                                                                               771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ntdll.dll!LdrLoadDll                                                                              7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ntdll.dll!RtlDosSearchPath_U + 186                                                                7C916865 1 Byte  [62]
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ntdll.dll!LdrUnloadDll                                                                            7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!VirtualProtectEx                                                                     7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!VirtualProtect                                                                       7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!WriteProcessMemory                                                                   7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateProcessW                                                                       7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateProcessA                                                                       7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!VirtualAlloc                                                                         7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!VirtualAllocEx                                                                       7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateRemoteThread                                                                   7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateThread                                                                         7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateProcessInternalW                                                               7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!CreateProcessInternalA                                                               7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!WinExec                                                                              7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!SetThreadContext                                                                     7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] kernel32.dll!GetBinaryTypeW + 80                                                                  7C868D8C 1 Byte  [62]
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!SetServiceObjectSecurity                                                             77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!ChangeServiceConfigA                                                                 77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!ChangeServiceConfigW                                                                 77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!ChangeServiceConfig2A                                                                77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!ChangeServiceConfig2W                                                                77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!CreateServiceA                                                                       77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!CreateServiceW                                                                       77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] ADVAPI32.dll!DeleteService                                                                        77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 007B0804 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] USER32.dll!UnhookWindowsHookEx                                                                    7E37D5F3 5 Bytes  JMP 007B0A08 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 007B0600 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] USER32.dll!SetWinEventHook                                                                        7E3817F7 5 Bytes  JMP 007B01F8 
.text           C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe[544] USER32.dll!UnhookWinEvent                                                                         7E3818AC 5 Bytes  JMP 007B03FC 
.text           C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!LdrLoadDll                                                                                                          7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!RtlDosSearchPath_U + 186                                                                                            7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[552] ntdll.dll!LdrUnloadDll                                                                                                        7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualProtectEx                                                                                                 7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualProtect                                                                                                   7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!WriteProcessMemory                                                                                               7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessW                                                                                                   7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessA                                                                                                   7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualAlloc                                                                                                     7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!VirtualAllocEx                                                                                                   7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateRemoteThread                                                                                               7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateThread                                                                                                     7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessInternalW                                                                                           7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessInternalA                                                                                           7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!WinExec                                                                                                          7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!SetThreadContext                                                                                                 7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!GetBinaryTypeW + 80                                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!SetServiceObjectSecurity                                                                                         77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigA                                                                                             77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfigW                                                                                             77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2A                                                                                            77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!ChangeServiceConfig2W                                                                                            77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceA                                                                                                   77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!CreateServiceW                                                                                                   77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[552] ADVAPI32.dll!DeleteService                                                                                                    77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[552] USER32.dll!SetWindowsHookExW                                                                                                  7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[552] USER32.dll!UnhookWindowsHookEx                                                                                                7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[552] USER32.dll!SetWindowsHookExA                                                                                                  7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[552] USER32.dll!SetWinEventHook                                                                                                    7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[552] USER32.dll!UnhookWinEvent                                                                                                     7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\svchost.exe[552] WS2_32.dll!socket                                                                                                             71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[552] WS2_32.dll!bind                                                                                                               71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[552] WS2_32.dll!connect                                                                                                            71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ntdll.dll!LdrLoadDll                                                                                                   7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ntdll.dll!RtlDosSearchPath_U + 186                                                                                     7C916865 1 Byte  [62]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ntdll.dll!LdrUnloadDll                                                                                                 7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!VirtualProtectEx                                                                                          7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!VirtualProtect                                                                                            7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!WriteProcessMemory                                                                                        7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateProcessW                                                                                            7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateProcessA                                                                                            7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!VirtualAlloc                                                                                              7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!VirtualAllocEx                                                                                            7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateRemoteThread                                                                                        7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateThread                                                                                              7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateProcessInternalW                                                                                    7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!CreateProcessInternalA                                                                                    7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!WinExec                                                                                                   7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!SetThreadContext                                                                                          7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] kernel32.dll!GetBinaryTypeW + 80                                                                                       7C868D8C 1 Byte  [62]
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] WS2_32.dll!socket                                                                                                      71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] WS2_32.dll!bind                                                                                                        71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] WS2_32.dll!connect                                                                                                     71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!SetServiceObjectSecurity                                                                                  77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!ChangeServiceConfigA                                                                                      77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!ChangeServiceConfigW                                                                                      77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!ChangeServiceConfig2A                                                                                     77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!ChangeServiceConfig2W                                                                                     77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!CreateServiceA                                                                                            77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!CreateServiceW                                                                                            77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] ADVAPI32.dll!DeleteService                                                                                             77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!SetWindowsHookExW                                                                                           7E37820F 5 Bytes  JMP 00430804 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!UnhookWindowsHookEx                                                                                         7E37D5F3 5 Bytes  JMP 00430A08 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!SetWindowsHookExA                                                                                           7E381211 5 Bytes  JMP 00430600 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!SetWinEventHook                                                                                             7E3817F7 5 Bytes  JMP 004301F8 
.text           C:\Program Files\Java\jre6\bin\jqs.exe[648] USER32.dll!UnhookWinEvent                                                                                              7E3818AC 5 Bytes  JMP 004303FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ntdll.dll!LdrLoadDll                                                                                           7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ntdll.dll!RtlDosSearchPath_U + 186                                                                             7C916865 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ntdll.dll!LdrUnloadDll                                                                                         7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!VirtualProtectEx                                                                                  7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!VirtualProtect                                                                                    7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!WriteProcessMemory                                                                                7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateProcessW                                                                                    7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateProcessA                                                                                    7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!VirtualAlloc                                                                                      7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!VirtualAllocEx                                                                                    7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateRemoteThread                                                                                7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateThread                                                                                      7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateProcessInternalW                                                                            7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!CreateProcessInternalA                                                                            7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!WinExec                                                                                           7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!SetThreadContext                                                                                  7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] kernel32.dll!GetBinaryTypeW + 80                                                                               7C868D8C 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WS2_32.dll!socket                                                                                              71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WS2_32.dll!bind                                                                                                71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WS2_32.dll!connect                                                                                             71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!SetServiceObjectSecurity                                                                          77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!ChangeServiceConfigA                                                                              77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!ChangeServiceConfigW                                                                              77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!ChangeServiceConfig2A                                                                             77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!ChangeServiceConfig2W                                                                             77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!CreateServiceA                                                                                    77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!CreateServiceW                                                                                    77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] ADVAPI32.dll!DeleteService                                                                                     77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] USER32.dll!SetWindowsHookExW                                                                                   7E37820F 5 Bytes  JMP 00550804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] USER32.dll!UnhookWindowsHookEx                                                                                 7E37D5F3 5 Bytes  JMP 00550A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] USER32.dll!SetWindowsHookExA                                                                                   7E381211 5 Bytes  JMP 00550600 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] USER32.dll!SetWinEventHook                                                                                     7E3817F7 5 Bytes  JMP 005501F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] USER32.dll!UnhookWinEvent                                                                                      7E3818AC 5 Bytes  JMP 005503FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetOpenW                                                                                      771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetConnectA                                                                                   771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetOpenA                                                                                      771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetOpenUrlA                                                                                   771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetConnectW                                                                                   771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[696] WININET.dll!InternetOpenUrlW                                                                                   771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!LdrLoadDll                                                                                                          7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!RtlDosSearchPath_U + 186                                                                                            7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll                                                                                                        7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx                                                                                                 7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtect                                                                                                   7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory                                                                                               7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW                                                                                                   7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA                                                                                                   7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualAlloc                                                                                                     7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualAllocEx                                                                                                   7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread                                                                                               7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateThread                                                                                                     7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalW                                                                                           7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessInternalA                                                                                           7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WinExec                                                                                                          7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!SetThreadContext                                                                                                 7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetBinaryTypeW + 80                                                                                              7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!SetServiceObjectSecurity                                                                                         77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfigA                                                                                             77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfigW                                                                                             77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfig2A                                                                                            77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!ChangeServiceConfig2W                                                                                            77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceA                                                                                                   77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceW                                                                                                   77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!DeleteService                                                                                                    77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW                                                                                                  7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[772] USER32.dll!UnhookWindowsHookEx                                                                                                7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA                                                                                                  7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWinEventHook                                                                                                    7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[772] USER32.dll!UnhookWinEvent                                                                                                     7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket                                                                                                             71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!bind                                                                                                               71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!connect                                                                                                            71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenW                                                                                                     771AAF55 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetConnectA                                                                                                  771B346A 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenA                                                                                                     771B57A6 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenUrlA                                                                                                  771B5A72 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetConnectW                                                                                                  771BEE50 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\system32\svchost.exe[772] WININET.dll!InternetOpenUrlW                                                                                                  771C5BC2 5 Bytes  JMP 00080EC8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ntdll.dll!LdrLoadDll                                                                  7C91632D 5 Bytes  JMP 001601F8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ntdll.dll!RtlDosSearchPath_U + 186                                                    7C916865 1 Byte  [62]
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ntdll.dll!LdrUnloadDll                                                                7C9171CD 5 Bytes  JMP 001603FC 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!VirtualProtectEx                                                         7C801A61 5 Bytes  JMP 001301A8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!VirtualProtect                                                           7C801AD4 5 Bytes  JMP 00130090 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!WriteProcessMemory                                                       7C802213 5 Bytes  JMP 00130694 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateProcessW                                                           7C802336 5 Bytes  JMP 001302C0 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateProcessA                                                           7C80236B 5 Bytes  JMP 00130234 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!VirtualAlloc                                                             7C809AF1 5 Bytes  JMP 00130004 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!VirtualAllocEx                                                           7C809B12 5 Bytes  JMP 0013011C 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateRemoteThread                                                       7C8104CC 5 Bytes  JMP 001304F0 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateThread                                                             7C8106D7 5 Bytes  JMP 0013057C 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateProcessInternalW                                                   7C8197B0 5 Bytes  JMP 001303D8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!CreateProcessInternalA                                                   7C81D54E 5 Bytes  JMP 0013034C 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!WinExec                                                                  7C86250D 5 Bytes  JMP 00130464 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!SetThreadContext                                                         7C863C09 5 Bytes  JMP 00130608 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] kernel32.dll!GetBinaryTypeW + 80                                                      7C868D8C 1 Byte  [62]
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!SetServiceObjectSecurity                                                 77E26D81 5 Bytes  JMP 003F1014 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!ChangeServiceConfigA                                                     77E26E69 5 Bytes  JMP 003F0804 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!ChangeServiceConfigW                                                     77E27001 5 Bytes  JMP 003F0A08 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!ChangeServiceConfig2A                                                    77E27101 5 Bytes  JMP 003F0C0C 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!ChangeServiceConfig2W                                                    77E27189 5 Bytes  JMP 003F0E10 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!CreateServiceA                                                           77E27211 5 Bytes  JMP 003F01F8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!CreateServiceW                                                           77E273A9 5 Bytes  JMP 003F03FC 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] ADVAPI32.dll!DeleteService                                                            77E274B1 5 Bytes  JMP 003F0600 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] USER32.dll!SetWindowsHookExW                                                          7E37820F 5 Bytes  JMP 00440804 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] USER32.dll!UnhookWindowsHookEx                                                        7E37D5F3 5 Bytes  JMP 00440A08 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] USER32.dll!SetWindowsHookExA                                                          7E381211 5 Bytes  JMP 00440600 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] USER32.dll!SetWinEventHook                                                            7E3817F7 5 Bytes  JMP 004401F8 
.text           c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[796] USER32.dll!UnhookWinEvent                                                             7E3818AC 5 Bytes  JMP 004403FC 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] ntdll.dll!RtlDosSearchPath_U + 186                                                                        7C916865 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!VirtualProtectEx                                                                             7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!VirtualProtect                                                                               7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!WriteProcessMemory                                                                           7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateProcessW                                                                               7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateProcessA                                                                               7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!VirtualAlloc                                                                                 7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!VirtualAllocEx                                                                               7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateRemoteThread                                                                           7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateThread                                                                                 7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateProcessInternalW                                                                       7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!CreateProcessInternalA                                                                       7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!SetUnhandledExceptionFilter                                                                  7C84495D 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!WinExec                                                                                      7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!SetThreadContext                                                                             7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] kernel32.dll!GetBinaryTypeW + 80                                                                          7C868D8C 1 Byte  [62]
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] WS2_32.dll!socket                                                                                         71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] WS2_32.dll!bind                                                                                           71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] WS2_32.dll!connect                                                                                        71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] USER32.dll!SetWindowsHookExW                                                                              7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] USER32.dll!SetWindowsHookExA                                                                              7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetOpenW                                                                                 771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetConnectA                                                                              771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetOpenA                                                                                 771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetOpenUrlA                                                                              771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetConnectW                                                                              771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[888] wininet.dll!InternetOpenUrlW                                                                              771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\WINDOWS\System32\smss.exe[1056] ntdll.dll!RtlDosSearchPath_U + 186                                                                                              7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[1232] ntdll.dll!RtlDosSearchPath_U + 186                                                                                             7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!VirtualProtectEx                                                                                                  7C801A61 5 Bytes  JMP 001601A8 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!VirtualProtect                                                                                                    7C801AD4 5 Bytes  JMP 00160090 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!WriteProcessMemory                                                                                                7C802213 5 Bytes  JMP 00160694 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateProcessW                                                                                                    7C802336 5 Bytes  JMP 001602C0 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateProcessA                                                                                                    7C80236B 5 Bytes  JMP 00160234 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!VirtualAlloc                                                                                                      7C809AF1 5 Bytes  JMP 00160004 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!VirtualAllocEx                                                                                                    7C809B12 5 Bytes  JMP 0016011C 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateRemoteThread                                                                                                7C8104CC 5 Bytes  JMP 001604F0 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateThread                                                                                                      7C8106D7 5 Bytes  JMP 0016057C 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateProcessInternalW                                                                                            7C8197B0 5 Bytes  JMP 001603D8 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!CreateProcessInternalA                                                                                            7C81D54E 5 Bytes  JMP 0016034C 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!WinExec                                                                                                           7C86250D 5 Bytes  JMP 00160464 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!SetThreadContext                                                                                                  7C863C09 5 Bytes  JMP 00160608 
.text           C:\WINDOWS\system32\csrss.exe[1232] KERNEL32.dll!GetBinaryTypeW + 80                                                                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\csrss.exe[1232] USER32.dll!SetWindowsHookExW                                                                                                   7E37820F 5 Bytes  JMP 001607AC 
.text           C:\WINDOWS\system32\csrss.exe[1232] USER32.dll!SetWindowsHookExA                                                                                                   7E381211 5 Bytes  JMP 00160720 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 000801F8 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[1256] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 000803FC 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 000701A8 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00070090 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00070694 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 000702C0 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00070234 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00070004 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0007011C 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 000704F0 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0007057C 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 000703D8 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0007034C 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00070464 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00070608 
.text           C:\WINDOWS\system32\winlogon.exe[1256] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\winlogon.exe[1256] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\winlogon.exe[1256] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\winlogon.exe[1256] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\winlogon.exe[1256] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\winlogon.exe[1256] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\winlogon.exe[1256] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WS2_32.dll!socket                                                                                                           71A94211 5 Bytes  JMP 000708C4 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WS2_32.dll!bind                                                                                                             71A94480 5 Bytes  JMP 00070838 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WS2_32.dll!connect                                                                                                          71A94A07 5 Bytes  JMP 00070950 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetOpenW                                                                                                   771AAF55 5 Bytes  JMP 00070DB0 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetConnectA                                                                                                771B346A 5 Bytes  JMP 00070F54 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetOpenA                                                                                                   771B57A6 5 Bytes  JMP 00070D24 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetOpenUrlA                                                                                                771B5A72 5 Bytes  JMP 00070E3C 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetConnectW                                                                                                771BEE50 5 Bytes  JMP 00070FE0 
.text           C:\WINDOWS\system32\winlogon.exe[1256] WININET.dll!InternetOpenUrlW                                                                                                771C5BC2 5 Bytes  JMP 00070EC8 
.text           C:\WINDOWS\system32\services.exe[1300] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\services.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1300] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\services.exe[1300] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\services.exe[1300] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\services.exe[1300] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\services.exe[1300] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\services.exe[1300] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\services.exe[1300] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\services.exe[1300] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\lsass.exe[1312] ntdll.dll!LdrLoadDll                                                                                                           7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\lsass.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186                                                                                             7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1312] ntdll.dll!LdrUnloadDll                                                                                                         7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!VirtualProtectEx                                                                                                  7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!VirtualProtect                                                                                                    7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!WriteProcessMemory                                                                                                7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateProcessW                                                                                                    7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateProcessA                                                                                                    7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!VirtualAlloc                                                                                                      7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!VirtualAllocEx                                                                                                    7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateRemoteThread                                                                                                7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateThread                                                                                                      7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateProcessInternalW                                                                                            7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!CreateProcessInternalA                                                                                            7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!WinExec                                                                                                           7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!SetThreadContext                                                                                                  7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\lsass.exe[1312] kernel32.dll!GetBinaryTypeW + 80                                                                                               7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity                                                                                          77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!ChangeServiceConfigA                                                                                              77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!ChangeServiceConfigW                                                                                              77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A                                                                                             77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W                                                                                             77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!CreateServiceA                                                                                                    77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!CreateServiceW                                                                                                    77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\lsass.exe[1312] ADVAPI32.dll!DeleteService                                                                                                     77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\lsass.exe[1312] USER32.dll!SetWindowsHookExW                                                                                                   7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\lsass.exe[1312] USER32.dll!UnhookWindowsHookEx                                                                                                 7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\lsass.exe[1312] USER32.dll!SetWindowsHookExA                                                                                                   7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\lsass.exe[1312] USER32.dll!SetWinEventHook                                                                                                     7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\lsass.exe[1312] USER32.dll!UnhookWinEvent                                                                                                      7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\lsass.exe[1312] WS2_32.dll!socket                                                                                                              71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\lsass.exe[1312] WS2_32.dll!bind                                                                                                                71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\lsass.exe[1312] WS2_32.dll!connect                                                                                                             71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ntdll.dll!LdrLoadDll                                                                                                                 7C91632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186                                                                                                   7C916865 1 Byte  [62]
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ntdll.dll!LdrUnloadDll                                                                                                               7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!VirtualProtectEx                                                                                                        7C801A61 5 Bytes  JMP 001301A8 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!VirtualProtect                                                                                                          7C801AD4 5 Bytes  JMP 00130090 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!WriteProcessMemory                                                                                                      7C802213 5 Bytes  JMP 00130694 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateProcessW                                                                                                          7C802336 5 Bytes  JMP 001302C0 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateProcessA                                                                                                          7C80236B 5 Bytes  JMP 00130234 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!VirtualAlloc                                                                                                            7C809AF1 5 Bytes  JMP 00130004 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!VirtualAllocEx                                                                                                          7C809B12 5 Bytes  JMP 0013011C 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateRemoteThread                                                                                                      7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateThread                                                                                                            7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateProcessInternalW                                                                                                  7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!CreateProcessInternalA                                                                                                  7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!WinExec                                                                                                                 7C86250D 5 Bytes  JMP 00130464 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!SetThreadContext                                                                                                        7C863C09 5 Bytes  JMP 00130608 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] kernel32.dll!GetBinaryTypeW + 80                                                                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\AGRSMMSG.exe[1464] USER32.dll!SetWindowsHookExW                                                                                                         7E37820F 5 Bytes  JMP 003E0804 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] USER32.dll!UnhookWindowsHookEx                                                                                                       7E37D5F3 5 Bytes  JMP 003E0A08 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] USER32.dll!SetWindowsHookExA                                                                                                         7E381211 5 Bytes  JMP 003E0600 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] USER32.dll!SetWinEventHook                                                                                                           7E3817F7 5 Bytes  JMP 003E01F8 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] USER32.dll!UnhookWinEvent                                                                                                            7E3818AC 5 Bytes  JMP 003E03FC 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity                                                                                                77E26D81 5 Bytes  JMP 003F1014 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!ChangeServiceConfigA                                                                                                    77E26E69 5 Bytes  JMP 003F0804 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!ChangeServiceConfigW                                                                                                    77E27001 5 Bytes  JMP 003F0A08 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A                                                                                                   77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W                                                                                                   77E27189 5 Bytes  JMP 003F0E10 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!CreateServiceA                                                                                                          77E27211 5 Bytes  JMP 003F01F8 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!CreateServiceW                                                                                                          77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\WINDOWS\AGRSMMSG.exe[1464] ADVAPI32.dll!DeleteService                                                                                                           77E274B1 5 Bytes  JMP 003F0600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 001301A8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00130090 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00130694 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 001302C0 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00130234 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00130004 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0013011C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00130464 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00130608 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 003E0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 003E0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 003E0600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003E01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003E03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 003F1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 003F0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 003F0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 003F0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003F01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1488] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 003F0600 
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1504] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[1504] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[1504] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!socket                                                                                                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!bind                                                                                                              71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1504] WS2_32.dll!connect                                                                                                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[1560] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!socket                                                                                                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!bind                                                                                                              71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!connect                                                                                                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1628] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[1628] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[1628] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetOpenW                                                                                                    771AAF55 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetConnectA                                                                                                 771B346A 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetOpenA                                                                                                    771B57A6 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetOpenUrlA                                                                                                 771B5A72 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetConnectW                                                                                                 771BEE50 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\system32\svchost.exe[1628] WININET.dll!InternetOpenUrlW                                                                                                 771C5BC2 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\system32\svchost.exe[1628] WS2_32.dll!socket                                                                                                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1628] WS2_32.dll!bind                                                                                                              71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1628] WS2_32.dll!connect                                                                                                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ntdll.dll!LdrLoadDll                                                                            7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186                                                              7C916865 1 Byte  [62]
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ntdll.dll!LdrUnloadDll                                                                          7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!VirtualProtectEx                                                                   7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!VirtualProtect                                                                     7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!WriteProcessMemory                                                                 7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateProcessW                                                                     7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateProcessA                                                                     7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!VirtualAlloc                                                                       7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!VirtualAllocEx                                                                     7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateRemoteThread                                                                 7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateThread                                                                       7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateProcessInternalW                                                             7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!CreateProcessInternalA                                                             7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!WinExec                                                                            7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!SetThreadContext                                                                   7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] kernel32.dll!GetBinaryTypeW + 80                                                                7C868D8C 1 Byte  [62]
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity                                                           77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!ChangeServiceConfigA                                                               77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!ChangeServiceConfigW                                                               77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A                                                              77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W                                                              77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!CreateServiceA                                                                     77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!CreateServiceW                                                                     77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] ADVAPI32.dll!DeleteService                                                                      77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] USER32.dll!SetWindowsHookExW                                                                    7E37820F 5 Bytes  JMP 00490804 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] USER32.dll!UnhookWindowsHookEx                                                                  7E37D5F3 5 Bytes  JMP 00490A08 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] USER32.dll!SetWindowsHookExA                                                                    7E381211 5 Bytes  JMP 00490600 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] USER32.dll!SetWinEventHook                                                                      7E3817F7 5 Bytes  JMP 004901F8 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] USER32.dll!UnhookWinEvent                                                                       7E3818AC 5 Bytes  JMP 004903FC 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] WS2_32.dll!socket                                                                               71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] WS2_32.dll!bind                                                                                 71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[1664] WS2_32.dll!connect                                                                              71A94A07 5 Bytes  JMP 00130950 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 001301A8 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00130090 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00130694 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 001302C0 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00130234 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00130004 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0013011C 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00130464 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00130608 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 003E0804 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 003E0A08 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 003E0600 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003E01F8 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003E03FC 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 003F1014 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 003F0804 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 003F0A08 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 003F0E10 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003F01F8 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\WINDOWS\system32\brsvc01a.exe[1840] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 003F0600 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\brss01a.exe[1856] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00130694 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00130608 
.text           C:\WINDOWS\system32\brss01a.exe[1856] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\brss01a.exe[1856] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 003E0804 
.text           C:\WINDOWS\system32\brss01a.exe[1856] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 003E0A08 
.text           C:\WINDOWS\system32\brss01a.exe[1856] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 003E0600 
.text           C:\WINDOWS\system32\brss01a.exe[1856] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003E01F8 
.text           C:\WINDOWS\system32\brss01a.exe[1856] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003E03FC 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 003F1014 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 003F0804 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 003F0A08 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 003F0E10 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003F01F8 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\WINDOWS\system32\brss01a.exe[1856] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 003F0600 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] WS2_32.dll!socket                                                                                                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] WS2_32.dll!bind                                                                                                              71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\spoolsv.exe[1868] WS2_32.dll!connect                                                                                                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 00321014 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 00320C0C 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 00320E10 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\System32\SCardSvr.exe[1908] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 00320600 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ntdll.dll!LdrLoadDll                                                                                  7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ntdll.dll!RtlDosSearchPath_U + 186                                                                    7C916865 1 Byte  [62]
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ntdll.dll!LdrUnloadDll                                                                                7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!VirtualProtectEx                                                                         7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!VirtualProtect                                                                           7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!WriteProcessMemory                                                                       7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateProcessW                                                                           7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateProcessA                                                                           7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!VirtualAlloc                                                                             7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!VirtualAllocEx                                                                           7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateRemoteThread                                                                       7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateThread                                                                             7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateProcessInternalW                                                                   7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!CreateProcessInternalA                                                                   7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!WinExec                                                                                  7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!SetThreadContext                                                                         7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] kernel32.dll!GetBinaryTypeW + 80                                                                      7C868D8C 1 Byte  [62]
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] USER32.dll!SetWindowsHookExW                                                                          7E37820F 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] USER32.dll!UnhookWindowsHookEx                                                                        7E37D5F3 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] USER32.dll!SetWindowsHookExA                                                                          7E381211 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] USER32.dll!SetWinEventHook                                                                            7E3817F7 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] USER32.dll!UnhookWinEvent                                                                             7E3818AC 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity                                                                 77E26D81 5 Bytes  JMP 00451014 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!ChangeServiceConfigA                                                                     77E26E69 5 Bytes  JMP 00450804 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!ChangeServiceConfigW                                                                     77E27001 5 Bytes  JMP 00450A08 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A                                                                    77E27101 5 Bytes  JMP 00450C0C 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W                                                                    77E27189 5 Bytes  JMP 00450E10 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!CreateServiceA                                                                           77E27211 5 Bytes  JMP 004501F8 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!CreateServiceW                                                                           77E273A9 5 Bytes  JMP 004503FC 
.text           C:\Program Files\Common Files\Motive\McciCMService.exe[1984] ADVAPI32.dll!DeleteService                                                                            77E274B1 5 Bytes  JMP 00450600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ntdll.dll!LdrLoadDll                                                                          7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186                                                            7C916865 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ntdll.dll!LdrUnloadDll                                                                        7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!VirtualProtectEx                                                                 7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!VirtualProtect                                                                   7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!WriteProcessMemory                                                               7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateProcessW                                                                   7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateProcessA                                                                   7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!VirtualAlloc                                                                     7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!VirtualAllocEx                                                                   7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateRemoteThread                                                               7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateThread                                                                     7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateProcessInternalW                                                           7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!CreateProcessInternalA                                                           7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!WinExec                                                                          7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!SetThreadContext                                                                 7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] kernel32.dll!GetBinaryTypeW + 80                                                              7C868D8C 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] USER32.dll!UnhookWindowsHookEx                                                                7E37D5F3 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] USER32.dll!SetWinEventHook                                                                    7E3817F7 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] USER32.dll!UnhookWinEvent                                                                     7E3818AC 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity                                                         77E26D81 5 Bytes  JMP 005B1014 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!ChangeServiceConfigA                                                             77E26E69 5 Bytes  JMP 005B0804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!ChangeServiceConfigW                                                             77E27001 5 Bytes  JMP 005B0A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A                                                            77E27101 3 Bytes  JMP 005B0C0C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A + 4                                                        77E27105 1 Byte  [88]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W                                                            77E27189 5 Bytes  JMP 005B0E10 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!CreateServiceA                                                                   77E27211 5 Bytes  JMP 005B01F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!CreateServiceW                                                                   77E273A9 5 Bytes  JMP 005B03FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[2036] ADVAPI32.dll!DeleteService                                                                    77E274B1 5 Bytes  JMP 005B0600 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ntdll.dll!LdrLoadDll                                                                                       7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ntdll.dll!RtlDosSearchPath_U + 186                                                                         7C916865 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ntdll.dll!LdrUnloadDll                                                                                     7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!VirtualProtectEx                                                                              7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!VirtualProtect                                                                                7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!WriteProcessMemory                                                                            7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateProcessW                                                                                7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateProcessA                                                                                7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!VirtualAlloc                                                                                  7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!VirtualAllocEx                                                                                7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateRemoteThread                                                                            7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateThread                                                                                  7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateProcessInternalW                                                                        7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!CreateProcessInternalA                                                                        7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!WinExec                                                                                       7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!SetThreadContext                                                                              7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] kernel32.dll!GetBinaryTypeW + 80                                                                           7C868D8C 1 Byte  [62]
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!SetServiceObjectSecurity                                                                      77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!ChangeServiceConfigA                                                                          77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!ChangeServiceConfigW                                                                          77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!ChangeServiceConfig2A                                                                         77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!ChangeServiceConfig2W                                                                         77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!CreateServiceA                                                                                77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!CreateServiceW                                                                                77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] ADVAPI32.dll!DeleteService                                                                                 77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] USER32.dll!SetWindowsHookExW                                                                               7E37820F 5 Bytes  JMP 005F0804 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] USER32.dll!UnhookWindowsHookEx                                                                             7E37D5F3 5 Bytes  JMP 005F0A08 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] USER32.dll!SetWindowsHookExA                                                                               7E381211 5 Bytes  JMP 005F0600 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] USER32.dll!SetWinEventHook                                                                                 7E3817F7 5 Bytes  JMP 005F01F8 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] USER32.dll!UnhookWinEvent                                                                                  7E3818AC 5 Bytes  JMP 005F03FC 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] WS2_32.dll!socket                                                                                          71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] WS2_32.dll!bind                                                                                            71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[2192] WS2_32.dll!connect                                                                                         71A94A07 5 Bytes  JMP 00130950 
.text           C:\WINDOWS\system32\locator.exe[2264] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\locator.exe[2264] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\locator.exe[2264] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\locator.exe[2264] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\locator.exe[2264] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\locator.exe[2264] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\locator.exe[2264] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\locator.exe[2264] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\locator.exe[2264] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\locator.exe[2264] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ntdll.dll!LdrLoadDll                                                                        7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ntdll.dll!RtlDosSearchPath_U + 186                                                          7C916865 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ntdll.dll!LdrUnloadDll                                                                      7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!VirtualProtectEx                                                               7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!VirtualProtect                                                                 7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!WriteProcessMemory                                                             7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateProcessW                                                                 7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateProcessA                                                                 7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!VirtualAlloc                                                                   7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!VirtualAllocEx                                                                 7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateRemoteThread                                                             7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateThread                                                                   7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateProcessInternalW                                                         7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!CreateProcessInternalA                                                         7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!WinExec                                                                        7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!SetThreadContext                                                               7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] kernel32.dll!GetBinaryTypeW + 80                                                            7C868D8C 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!SetServiceObjectSecurity                                                       77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!ChangeServiceConfigA                                                           77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!ChangeServiceConfigW                                                           77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!ChangeServiceConfig2A                                                          77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!ChangeServiceConfig2W                                                          77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!CreateServiceA                                                                 77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!CreateServiceW                                                                 77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] ADVAPI32.dll!DeleteService                                                                  77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 00420804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] USER32.dll!UnhookWindowsHookEx                                                              7E37D5F3 5 Bytes  JMP 00420A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 00420600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] USER32.dll!SetWinEventHook                                                                  7E3817F7 5 Bytes  JMP 004201F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2540] USER32.dll!UnhookWinEvent                                                                   7E3818AC 5 Bytes  JMP 004203FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ntdll.dll!LdrLoadDll                                                                         7C91632D 5 Bytes  JMP 000601F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ntdll.dll!RtlDosSearchPath_U + 186                                                           7C916865 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ntdll.dll!LdrUnloadDll                                                                       7C9171CD 5 Bytes  JMP 000603FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!VirtualProtectEx                                                                7C801A61 5 Bytes  JMP 000301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!VirtualProtect                                                                  7C801AD4 5 Bytes  JMP 00030090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!WriteProcessMemory                                                              7C802213 5 Bytes  JMP 00030694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateProcessW                                                                  7C802336 5 Bytes  JMP 000302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateProcessA                                                                  7C80236B 5 Bytes  JMP 00030234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!VirtualAlloc                                                                    7C809AF1 5 Bytes  JMP 00030004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!VirtualAllocEx                                                                  7C809B12 5 Bytes  JMP 0003011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateRemoteThread                                                              7C8104CC 5 Bytes  JMP 000304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateThread                                                                    7C8106D7 5 Bytes  JMP 0003057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateProcessInternalW                                                          7C8197B0 5 Bytes  JMP 000303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!CreateProcessInternalA                                                          7C81D54E 5 Bytes  JMP 0003034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!WinExec                                                                         7C86250D 5 Bytes  JMP 00030464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!SetThreadContext                                                                7C863C09 5 Bytes  JMP 00030608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] kernel32.dll!GetBinaryTypeW + 80                                                             7C868D8C 1 Byte  [62]
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!SetServiceObjectSecurity                                                        77E26D81 5 Bytes  JMP 002F1014 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!ChangeServiceConfigA                                                            77E26E69 5 Bytes  JMP 002F0804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!ChangeServiceConfigW                                                            77E27001 5 Bytes  JMP 002F0A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!ChangeServiceConfig2A                                                           77E27101 5 Bytes  JMP 002F0C0C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!ChangeServiceConfig2W                                                           77E27189 5 Bytes  JMP 002F0E10 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!CreateServiceA                                                                  77E27211 5 Bytes  JMP 002F01F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!CreateServiceW                                                                  77E273A9 5 Bytes  JMP 002F03FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] ADVAPI32.dll!DeleteService                                                                   77E274B1 5 Bytes  JMP 002F0600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] USER32.dll!SetWindowsHookExW                                                                 7E37820F 5 Bytes  JMP 00300804 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] USER32.dll!UnhookWindowsHookEx                                                               7E37D5F3 5 Bytes  JMP 00300A08 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] USER32.dll!SetWindowsHookExA                                                                 7E381211 5 Bytes  JMP 00300600 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] USER32.dll!SetWinEventHook                                                                   7E3817F7 5 Bytes  JMP 003001F8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] USER32.dll!UnhookWinEvent                                                                    7E3818AC 5 Bytes  JMP 003003FC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetOpenW                                                                    771AAF55 5 Bytes  JMP 00030DB0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetConnectA                                                                 771B346A 5 Bytes  JMP 00030F54 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetOpenA                                                                    771B57A6 5 Bytes  JMP 00030D24 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetOpenUrlA                                                                 771B5A72 5 Bytes  JMP 00030E3C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetConnectW                                                                 771BEE50 5 Bytes  JMP 00030FE0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2572] WININET.dll!InternetOpenUrlW                                                                 771C5BC2 5 Bytes  JMP 00030EC8 
.text           C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\System32\svchost.exe[2636] WS2_32.dll!socket                                                                                                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\System32\svchost.exe[2636] WS2_32.dll!bind                                                                                                              71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\System32\svchost.exe[2636] WS2_32.dll!connect                                                                                                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ntdll.dll!LdrLoadDll                                                                                   7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ntdll.dll!RtlDosSearchPath_U + 186                                                                     7C916865 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ntdll.dll!LdrUnloadDll                                                                                 7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!VirtualProtectEx                                                                          7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!VirtualProtect                                                                            7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!WriteProcessMemory                                                                        7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateProcessW                                                                            7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateProcessA                                                                            7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!VirtualAlloc                                                                              7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!VirtualAllocEx                                                                            7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateRemoteThread                                                                        7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateThread                                                                              7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateProcessInternalW                                                                    7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!CreateProcessInternalA                                                                    7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!WinExec                                                                                   7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!SetThreadContext                                                                          7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] kernel32.dll!GetBinaryTypeW + 80                                                                       7C868D8C 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity                                                                  77E26D81 5 Bytes  JMP 00751014 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!ChangeServiceConfigA                                                                      77E26E69 5 Bytes  JMP 00750804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!ChangeServiceConfigW                                                                      77E27001 5 Bytes  JMP 00750A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A                                                                     77E27101 5 Bytes  JMP 00750C0C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W                                                                     77E27189 5 Bytes  JMP 00750E10 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!CreateServiceA                                                                            77E27211 5 Bytes  JMP 007501F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!CreateServiceW                                                                            77E273A9 5 Bytes  JMP 007503FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] ADVAPI32.dll!DeleteService                                                                             77E274B1 5 Bytes  JMP 00750600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WS2_32.dll!socket                                                                                      71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WS2_32.dll!bind                                                                                        71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WS2_32.dll!connect                                                                                     71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!SetWindowsHookExW                                                                           7E37820F 5 Bytes  JMP 00760804 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!SetWindowLongA                                                                              7E37C29D 5 Bytes  JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!SetWindowLongW                                                                              7E37C2BB 5 Bytes  JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!GetWindowInfo                                                                               7E37C49C 5 Bytes  JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!UnhookWindowsHookEx                                                                         7E37D5F3 5 Bytes  JMP 00760A08 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!SetWindowsHookExA                                                                           7E381211 5 Bytes  JMP 00760600 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!SetWinEventHook                                                                             7E3817F7 5 Bytes  JMP 007601F8 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!UnhookWinEvent                                                                              7E3818AC 5 Bytes  JMP 007603FC 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] USER32.dll!TrackPopupMenu                                                                              7E3B531E 5 Bytes  JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetOpenW                                                                              771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetConnectA                                                                           771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetOpenA                                                                              771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetOpenUrlA                                                                           771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetConnectW                                                                           771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[2652] WININET.dll!InternetOpenUrlW                                                                           771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ntdll.dll!LdrLoadDll                                                                                            7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186                                                                              7C916865 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ntdll.dll!LdrUnloadDll                                                                                          7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!VirtualProtectEx                                                                                   7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!VirtualProtect                                                                                     7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!WriteProcessMemory                                                                                 7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateProcessW                                                                                     7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateProcessA                                                                                     7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!VirtualAlloc                                                                                       7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!VirtualAllocEx                                                                                     7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateRemoteThread                                                                                 7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateThread                                                                                       7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateProcessInternalW                                                                             7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!CreateProcessInternalA                                                                             7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!WinExec                                                                                            7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!SetThreadContext                                                                                   7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] kernel32.dll!GetBinaryTypeW + 80                                                                                7C868D8C 1 Byte  [62]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity                                                                           77E26D81 5 Bytes  JMP 00831014 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!ChangeServiceConfigA                                                                               77E26E69 5 Bytes  JMP 00830804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!ChangeServiceConfigW                                                                               77E27001 5 Bytes  JMP 00830A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A                                                                              77E27101 5 Bytes  JMP 00830C0C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W                                                                              77E27189 5 Bytes  JMP 00830E10 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!CreateServiceA                                                                                     77E27211 5 Bytes  JMP 008301F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!CreateServiceW                                                                                     77E273A9 3 Bytes  JMP 008303FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!CreateServiceW + 4                                                                                 77E273AD 1 Byte  [88]
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] ADVAPI32.dll!DeleteService                                                                                      77E274B1 5 Bytes  JMP 00830600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WS2_32.dll!socket                                                                                               71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WS2_32.dll!bind                                                                                                 71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WS2_32.dll!connect                                                                                              71A94A07 5 Bytes  JMP 07832850 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WS2_32.dll!WSAConnect                                                                                           71AA0C81 5 Bytes  JMP 07832A50 C:\Program Files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!SetWindowsHookExW                                                                                    7E37820F 5 Bytes  JMP 00840804 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!SetWindowPos                                                                                         7E3799F3 5 Bytes  JMP 05D71040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!DrawIconEx                                                                                           7E37CB84 5 Bytes  JMP 05D711E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!GetIconInfo                                                                                          7E37D427 5 Bytes  JMP 05D71120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!UnhookWindowsHookEx                                                                                  7E37D5F3 5 Bytes  JMP 00840A08 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!SetWindowsHookExA                                                                                    7E381211 5 Bytes  JMP 00840600 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!SetWinEventHook                                                                                      7E3817F7 5 Bytes  JMP 008401F8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] USER32.dll!UnhookWinEvent                                                                                       7E3818AC 5 Bytes  JMP 008403FC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetOpenW                                                                                       771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetConnectA                                                                                    771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetOpenA                                                                                       771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetOpenUrlA                                                                                    771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetConnectW                                                                                    771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[2700] WININET.dll!InternetOpenUrlW                                                                                    771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\WINDOWS\system32\svchost.exe[2784] ntdll.dll!LdrLoadDll                                                                                                         7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\system32\svchost.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186                                                                                           7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2784] ntdll.dll!LdrUnloadDll                                                                                                       7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!VirtualProtectEx                                                                                                7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!VirtualProtect                                                                                                  7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!WriteProcessMemory                                                                                              7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateProcessW                                                                                                  7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateProcessA                                                                                                  7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!VirtualAlloc                                                                                                    7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!VirtualAllocEx                                                                                                  7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateRemoteThread                                                                                              7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateThread                                                                                                    7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateProcessInternalW                                                                                          7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!CreateProcessInternalA                                                                                          7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!WinExec                                                                                                         7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!SetThreadContext                                                                                                7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[2784] kernel32.dll!GetBinaryTypeW + 80                                                                                             7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity                                                                                        77E26D81 5 Bytes  JMP 00311014 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfigA                                                                                            77E26E69 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfigW                                                                                            77E27001 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A                                                                                           77E27101 5 Bytes  JMP 00310C0C 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W                                                                                           77E27189 5 Bytes  JMP 00310E10 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!CreateServiceA                                                                                                  77E27211 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!CreateServiceW                                                                                                  77E273A9 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\system32\svchost.exe[2784] ADVAPI32.dll!DeleteService                                                                                                   77E274B1 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\system32\svchost.exe[2784] USER32.dll!SetWindowsHookExW                                                                                                 7E37820F 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\system32\svchost.exe[2784] USER32.dll!UnhookWindowsHookEx                                                                                               7E37D5F3 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\system32\svchost.exe[2784] USER32.dll!SetWindowsHookExA                                                                                                 7E381211 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\system32\svchost.exe[2784] USER32.dll!SetWinEventHook                                                                                                   7E3817F7 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\system32\svchost.exe[2784] USER32.dll!UnhookWinEvent                                                                                                    7E3818AC 5 Bytes  JMP 003203FC 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] ntdll.dll!LdrLoadDll                                                                                          7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] ntdll.dll!RtlDosSearchPath_U + 186                                                                            7C916865 1 Byte  [62]
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] ntdll.dll!LdrUnloadDll                                                                                        7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!VirtualProtectEx                                                                                 7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!VirtualProtect                                                                                   7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!WriteProcessMemory                                                                               7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateProcessW                                                                                   7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateProcessA                                                                                   7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!VirtualAlloc                                                                                     7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!VirtualAllocEx                                                                                   7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateRemoteThread                                                                               7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateThread                                                                                     7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateProcessInternalW                                                                           7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!CreateProcessInternalA                                                                           7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!WinExec                                                                                          7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!SetThreadContext                                                                                 7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] kernel32.dll!GetBinaryTypeW + 80                                                                              7C868D8C 1 Byte  [62]
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] user32.dll!SetWindowsHookExW                                                                                  7E37820F 5 Bytes  JMP 00970804 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] user32.dll!UnhookWindowsHookEx                                                                                7E37D5F3 5 Bytes  JMP 00970A08 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] user32.dll!SetWindowsHookExA                                                                                  7E381211 5 Bytes  JMP 00970600 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] user32.dll!SetWinEventHook                                                                                    7E3817F7 5 Bytes  JMP 009701F8 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] user32.dll!UnhookWinEvent                                                                                     7E3818AC 5 Bytes  JMP 009703FC 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!SetServiceObjectSecurity                                                                         77E26D81 5 Bytes  JMP 00981014 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!ChangeServiceConfigA                                                                             77E26E69 5 Bytes  JMP 00980804 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!ChangeServiceConfigW                                                                             77E27001 5 Bytes  JMP 00980A08 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!ChangeServiceConfig2A                                                                            77E27101 5 Bytes  JMP 00980C0C 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!ChangeServiceConfig2W                                                                            77E27189 5 Bytes  JMP 00980E10 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!CreateServiceA                                                                                   77E27211 5 Bytes  JMP 009801F8 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!CreateServiceW                                                                                   77E273A9 5 Bytes  JMP 009803FC 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] advapi32.dll!DeleteService                                                                                    77E274B1 5 Bytes  JMP 00980600 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] WS2_32.dll!socket                                                                                             71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] WS2_32.dll!bind                                                                                               71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Glary Utilities\memdefrag.exe[3192] WS2_32.dll!connect                                                                                            71A94A07 5 Bytes  JMP 00130950 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ntdll.dll!LdrLoadDll                                                                                                        7C91632D 5 Bytes  JMP 001501F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ntdll.dll!RtlDosSearchPath_U + 186                                                                                          7C916865 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ntdll.dll!LdrUnloadDll                                                                                                      7C9171CD 5 Bytes  JMP 001503FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!VirtualProtectEx                                                                                               7C801A61 5 Bytes  JMP 001301A8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!VirtualProtect                                                                                                 7C801AD4 5 Bytes  JMP 00130090 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!WriteProcessMemory                                                                                             7C802213 5 Bytes  JMP 00130694 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateProcessW                                                                                                 7C802336 5 Bytes  JMP 001302C0 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateProcessA                                                                                                 7C80236B 5 Bytes  JMP 00130234 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!VirtualAlloc                                                                                                   7C809AF1 5 Bytes  JMP 00130004 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!VirtualAllocEx                                                                                                 7C809B12 5 Bytes  JMP 0013011C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateRemoteThread                                                                                             7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateThread                                                                                                   7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateProcessInternalW                                                                                         7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!CreateProcessInternalA                                                                                         7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!WinExec                                                                                                        7C86250D 5 Bytes  JMP 00130464 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!SetThreadContext                                                                                               7C863C09 5 Bytes  JMP 00130608 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] kernel32.dll!GetBinaryTypeW + 80                                                                                            7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] USER32.dll!SetWindowsHookExW                                                                                                7E37820F 5 Bytes  JMP 003E0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] USER32.dll!UnhookWindowsHookEx                                                                                              7E37D5F3 5 Bytes  JMP 003E0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] USER32.dll!SetWindowsHookExA                                                                                                7E381211 5 Bytes  JMP 003E0600 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] USER32.dll!SetWinEventHook                                                                                                  7E3817F7 5 Bytes  JMP 003E01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] USER32.dll!UnhookWinEvent                                                                                                   7E3818AC 5 Bytes  JMP 003E03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!SetServiceObjectSecurity                                                                                       77E26D81 5 Bytes  JMP 003F1014 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!ChangeServiceConfigA                                                                                           77E26E69 5 Bytes  JMP 003F0804 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!ChangeServiceConfigW                                                                                           77E27001 5 Bytes  JMP 003F0A08 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!ChangeServiceConfig2A                                                                                          77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!ChangeServiceConfig2W                                                                                          77E27189 5 Bytes  JMP 003F0E10 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!CreateServiceA                                                                                                 77E27211 5 Bytes  JMP 003F01F8 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!CreateServiceW                                                                                                 77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\WINDOWS\system32\Ati2evxx.exe[3320] ADVAPI32.dll!DeleteService                                                                                                  77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ntdll.dll!LdrLoadDll                                                                                         7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C916865 1 Byte  [62]
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ntdll.dll!LdrUnloadDll                                                                                       7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!VirtualProtectEx                                                                                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!VirtualProtect                                                                                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!WriteProcessMemory                                                                              7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateProcessW                                                                                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateProcessA                                                                                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!VirtualAlloc                                                                                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!VirtualAllocEx                                                                                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateRemoteThread                                                                              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateThread                                                                                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateProcessInternalW                                                                          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!CreateProcessInternalA                                                                          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!WinExec                                                                                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!SetThreadContext                                                                                7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity                                                                        77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!ChangeServiceConfigA                                                                            77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!ChangeServiceConfigW                                                                            77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A                                                                           77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W                                                                           77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!CreateServiceA                                                                                  77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!CreateServiceW                                                                                  77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] ADVAPI32.dll!DeleteService                                                                                   77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] USER32.dll!SetWindowsHookExW                                                                                 7E37820F 5 Bytes  JMP 00480804 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] USER32.dll!UnhookWindowsHookEx                                                                               7E37D5F3 5 Bytes  JMP 00480A08 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] USER32.dll!SetWindowsHookExA                                                                                 7E381211 5 Bytes  JMP 00480600 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] USER32.dll!SetWinEventHook                                                                                   7E3817F7 5 Bytes  JMP 004801F8 
.text           C:\Program Files\Stardock\CursorFX\CursorFX.exe[3396] USER32.dll!UnhookWinEvent                                                                                    7E3818AC 5 Bytes  JMP 004803FC 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ntdll.dll!LdrLoadDll                                                                                7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ntdll.dll!RtlDosSearchPath_U + 186                                                                  7C916865 1 Byte  [62]
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ntdll.dll!LdrUnloadDll                                                                              7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!VirtualProtectEx                                                                       7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!VirtualProtect                                                                         7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!WriteProcessMemory                                                                     7C802213 5 Bytes  JMP 00130694 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateProcessW                                                                         7C802336 5 Bytes  JMP 001302C0 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateProcessA                                                                         7C80236B 5 Bytes  JMP 00130234 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!VirtualAlloc                                                                           7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!VirtualAllocEx                                                                         7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateRemoteThread                                                                     7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateThread                                                                           7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateProcessInternalW                                                                 7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!CreateProcessInternalA                                                                 7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!WinExec                                                                                7C86250D 5 Bytes  JMP 00130464 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!SetThreadContext                                                                       7C863C09 5 Bytes  JMP 00130608 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] kernel32.dll!GetBinaryTypeW + 80                                                                    7C868D8C 1 Byte  [62]
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!SetServiceObjectSecurity                                                               77E26D81 5 Bytes  JMP 009E1014 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!ChangeServiceConfigA                                                                   77E26E69 5 Bytes  JMP 009E0804 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!ChangeServiceConfigW                                                                   77E27001 5 Bytes  JMP 009E0A08 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!ChangeServiceConfig2A                                                                  77E27101 5 Bytes  JMP 009E0C0C 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!ChangeServiceConfig2W                                                                  77E27189 5 Bytes  JMP 009E0E10 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!CreateServiceA                                                                         77E27211 5 Bytes  JMP 009E01F8 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!CreateServiceW                                                                         77E273A9 5 Bytes  JMP 009E03FC 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] ADVAPI32.dll!DeleteService                                                                          77E274B1 5 Bytes  JMP 009E0600 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!SetWindowsHookExW                                                                        7E37820F 5 Bytes  JMP 009F0804 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!SetWindowPos                                                                             7E3799F3 5 Bytes  JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!DrawIconEx                                                                               7E37CB84 5 Bytes  JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!GetIconInfo                                                                              7E37D427 5 Bytes  JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!UnhookWindowsHookEx                                                                      7E37D5F3 5 Bytes  JMP 009F0A08 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!SetWindowsHookExA                                                                        7E381211 5 Bytes  JMP 009F0600 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!SetWinEventHook                                                                          7E3817F7 5 Bytes  JMP 009F01F8 
.text           C:\Documents and Settings\Pavel \00.  -\gmer.exe[3444] USER32.dll!UnhookWinEvent                                                                           7E3818AC 5 Bytes  JMP 009F03FC 
.text           C:\WINDOWS\System32\alg.exe[3688] ntdll.dll!LdrLoadDll                                                                                                             7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\System32\alg.exe[3688] ntdll.dll!RtlDosSearchPath_U + 186                                                                                               7C916865 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3688] ntdll.dll!LdrUnloadDll                                                                                                           7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!VirtualProtectEx                                                                                                    7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!VirtualProtect                                                                                                      7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!WriteProcessMemory                                                                                                  7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateProcessW                                                                                                      7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateProcessA                                                                                                      7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!VirtualAlloc                                                                                                        7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!VirtualAllocEx                                                                                                      7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateRemoteThread                                                                                                  7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateThread                                                                                                        7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateProcessInternalW                                                                                              7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!CreateProcessInternalA                                                                                              7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!WinExec                                                                                                             7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!SetThreadContext                                                                                                    7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\alg.exe[3688] kernel32.dll!GetBinaryTypeW + 80                                                                                                 7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\System32\alg.exe[3688] USER32.dll!SetWindowsHookExW                                                                                                     7E37820F 5 Bytes  JMP 00310804 
.text           C:\WINDOWS\System32\alg.exe[3688] USER32.dll!UnhookWindowsHookEx                                                                                                   7E37D5F3 5 Bytes  JMP 00310A08 
.text           C:\WINDOWS\System32\alg.exe[3688] USER32.dll!SetWindowsHookExA                                                                                                     7E381211 5 Bytes  JMP 00310600 
.text           C:\WINDOWS\System32\alg.exe[3688] USER32.dll!SetWinEventHook                                                                                                       7E3817F7 5 Bytes  JMP 003101F8 
.text           C:\WINDOWS\System32\alg.exe[3688] USER32.dll!UnhookWinEvent                                                                                                        7E3818AC 5 Bytes  JMP 003103FC 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity                                                                                            77E26D81 5 Bytes  JMP 00321014 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!ChangeServiceConfigA                                                                                                77E26E69 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!ChangeServiceConfigW                                                                                                77E27001 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A                                                                                               77E27101 5 Bytes  JMP 00320C0C 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W                                                                                               77E27189 5 Bytes  JMP 00320E10 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!CreateServiceA                                                                                                      77E27211 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!CreateServiceW                                                                                                      77E273A9 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\System32\alg.exe[3688] ADVAPI32.dll!DeleteService                                                                                                       77E274B1 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\System32\alg.exe[3688] WS2_32.dll!socket                                                                                                                71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\System32\alg.exe[3688] WS2_32.dll!bind                                                                                                                  71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\System32\alg.exe[3688] WS2_32.dll!connect                                                                                                               71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ntdll.dll!LdrLoadDll                                                                                         7C91632D 5 Bytes  JMP 001601F8 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ntdll.dll!RtlDosSearchPath_U + 186                                                                           7C916865 1 Byte  [62]
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ntdll.dll!LdrUnloadDll                                                                                       7C9171CD 5 Bytes  JMP 001603FC 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!VirtualProtectEx                                                                                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!VirtualProtect                                                                                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!WriteProcessMemory                                                                              7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateProcessW                                                                                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateProcessA                                                                                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!VirtualAlloc                                                                                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!VirtualAllocEx                                                                                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateRemoteThread                                                                              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateThread                                                                                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateProcessInternalW                                                                          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!CreateProcessInternalA                                                                          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!WinExec                                                                                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!SetThreadContext                                                                                7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] kernel32.dll!GetBinaryTypeW + 80                                                                             7C868D8C 1 Byte  [62]
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity                                                                        77E26D81 5 Bytes  JMP 003F1014 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!ChangeServiceConfigA                                                                            77E26E69 5 Bytes  JMP 003F0804 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!ChangeServiceConfigW                                                                            77E27001 5 Bytes  JMP 003F0A08 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A                                                                           77E27101 5 Bytes  JMP 003F0C0C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W                                                                           77E27189 5 Bytes  JMP 003F0E10 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!CreateServiceA                                                                                  77E27211 5 Bytes  JMP 003F01F8 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!CreateServiceW                                                                                  77E273A9 5 Bytes  JMP 003F03FC 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] ADVAPI32.dll!DeleteService                                                                                   77E274B1 5 Bytes  JMP 003F0600 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] USER32.dll!SetWindowsHookExW                                                                                 7E37820F 5 Bytes  JMP 00430804 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] USER32.dll!UnhookWindowsHookEx                                                                               7E37D5F3 5 Bytes  JMP 00430A08 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] USER32.dll!SetWindowsHookExA                                                                                 7E381211 5 Bytes  JMP 00430600 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] USER32.dll!SetWinEventHook                                                                                   7E3817F7 5 Bytes  JMP 004301F8 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] USER32.dll!UnhookWinEvent                                                                                    7E3818AC 5 Bytes  JMP 004303FC 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WS2_32.dll!socket                                                                                            71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WS2_32.dll!bind                                                                                              71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WS2_32.dll!connect                                                                                           71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetOpenW                                                                                    771AAF55 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetConnectA                                                                                 771B346A 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetOpenA                                                                                    771B57A6 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetOpenUrlA                                                                                 771B5A72 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetConnectW                                                                                 771BEE50 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Google\Update\GoogleUpdate.exe[3828] WININET.dll!InternetOpenUrlW                                                                                 771C5BC2 5 Bytes  JMP 00130EC8 
.text           C:\WINDOWS\Explorer.EXE[3948] ntdll.dll!LdrLoadDll                                                                                                                 7C91632D 5 Bytes  JMP 000A01F8 
.text           C:\WINDOWS\Explorer.EXE[3948] ntdll.dll!RtlDosSearchPath_U + 186                                                                                                   7C916865 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[3948] ntdll.dll!LdrUnloadDll                                                                                                               7C9171CD 5 Bytes  JMP 000A03FC 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualProtectEx                                                                                                        7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualProtect                                                                                                          7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WriteProcessMemory                                                                                                      7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessW                                                                                                          7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessA                                                                                                          7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualAlloc                                                                                                            7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!VirtualAllocEx                                                                                                          7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateRemoteThread                                                                                                      7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateThread                                                                                                            7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessInternalW                                                                                                  7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!CreateProcessInternalA                                                                                                  7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!WinExec                                                                                                                 7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!SetThreadContext                                                                                                        7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\Explorer.EXE[3948] kernel32.dll!GetBinaryTypeW + 80                                                                                                     7C868D8C 1 Byte  [62]
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!SetServiceObjectSecurity                                                                                                77E26D81 5 Bytes  JMP 00321014 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!ChangeServiceConfigA                                                                                                    77E26E69 5 Bytes  JMP 00320804 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!ChangeServiceConfigW                                                                                                    77E27001 5 Bytes  JMP 00320A08 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!ChangeServiceConfig2A                                                                                                   77E27101 5 Bytes  JMP 00320C0C 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!ChangeServiceConfig2W                                                                                                   77E27189 5 Bytes  JMP 00320E10 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!CreateServiceA                                                                                                          77E27211 5 Bytes  JMP 003201F8 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!CreateServiceW                                                                                                          77E273A9 5 Bytes  JMP 003203FC 
.text           C:\WINDOWS\Explorer.EXE[3948] ADVAPI32.dll!DeleteService                                                                                                           77E274B1 5 Bytes  JMP 00320600 
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!SetWindowsHookExW                                                                                                         7E37820F 5 Bytes  JMP 00330804 
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!SetWindowPos                                                                                                              7E3799F3 5 Bytes  JMP 10001040 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!DrawIconEx                                                                                                                7E37CB84 5 Bytes  JMP 100011E0 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!GetIconInfo                                                                                                               7E37D427 5 Bytes  JMP 10001120 C:\Program Files\Stardock\CursorFX\CurXP0.dll (CursorFX support DLL/ )
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!UnhookWindowsHookEx                                                                                                       7E37D5F3 5 Bytes  JMP 00330A08 
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!SetWindowsHookExA                                                                                                         7E381211 5 Bytes  JMP 00330600 
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!SetWinEventHook                                                                                                           7E3817F7 5 Bytes  JMP 003301F8 
.text           C:\WINDOWS\Explorer.EXE[3948] USER32.dll!UnhookWinEvent                                                                                                            7E3818AC 5 Bytes  JMP 003303FC 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenW                                                                                                            771AAF55 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetConnectA                                                                                                         771B346A 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenA                                                                                                            771B57A6 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenUrlA                                                                                                         771B5A72 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetConnectW                                                                                                         771BEE50 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\Explorer.EXE[3948] WININET.dll!InternetOpenUrlW                                                                                                         771C5BC2 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!socket                                                                                                                    71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!bind                                                                                                                      71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\Explorer.EXE[3948] WS2_32.dll!connect                                                                                                                   71A94A07 5 Bytes  JMP 00080950 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\WINDOWS\system32\services.exe[1300] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                                                      00650002
IAT             C:\WINDOWS\system32\services.exe[1300] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                                                            00650000

---- Devices - GMER 1.0.15 ----

Device          \FileSystem\Ntfs \Ntfs                                                                                                                                             aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                             tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                             aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                           SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                           aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                          SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Ftdisk \Device\HarddiskVolume1                                                                                                                             tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                          SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                                          aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                        SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program Files\Pinnacle\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook                1
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b                                                 0xE2 0x63 0x26 0xF1 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b                                                 0x6A 0x9C 0xD6 0x61 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016                                                 0x7A 0x45 0x05 0xFD ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48                                                 0x86 0x8C 0x21 0x01 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472                                                 0xE9 0x02 0x6C 0xFA ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d                                                 0xDF 0x20 0x58 0x62 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b                                                 0xFB 0xA7 0x78 0xE6 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d                                                 0x01 0x3A 0x48 0xFC ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3                                                 0xF6 0x0F 0x4E 0x58 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b                                                 0x3D 0xCE 0xEA 0x26 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6                                                 0xE3 0x0E 0x66 0xD5 ...
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32                                                                                  
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel                                                                   Apartment
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@                                                                                 C:\WINDOWS\system32\OLE32.DLL
Reg             HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2                                                 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1397927837-3391985782-4092049836-1006    14655488 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\ComDb.Dat                                                               23796 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\domain.txt                                                              40 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository                                                              0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\$WinMgmt.CFG                                                 20 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS                                                           0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\INDEX.BTR                                                 1392640 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\INDEX.MAP                                                 724 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\MAPPING.VER                                               4 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\MAPPING1.MAP                                              6056 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\MAPPING2.MAP                                              6056 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\OBJECTS.DATA                                              10854400 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\Repository\FS\OBJECTS.MAP                                               5340 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_MACHINE_SAM                                                   24576 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_MACHINE_SECURITY                                              65536 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_MACHINE_SOFTWARE                                              48803840 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_MACHINE_SYSTEM                                                7856128 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_.DEFAULT                                                 5095424 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-18                                          262144 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-19                                          1466368 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-20                                          1454080 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1397927837-3391985782-4092049836-1005    8912896 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1397927837-3391985782-4092049836-1007    7602176 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1397927837-3391985782-4092049836-1009    7077888 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_NTUSER_S-1-5-21-1397927837-3391985782-4092049836-500     5242880 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-19                                        4435968 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-20                                        4435968 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP168\snapshot\_REGISTRY_USER_USRCLASS_S-1-5-21-1397927837-3391985782-4092049836-1006  4653056 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0099349.ini                                                                     1018 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098053.ini                                                                     272 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098054.ini                                                                     62 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098055.ini                                                                     62 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098056.ini                                                                     1018 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098057.ini                                                                     62 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098058.ini                                                                     7128 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098059.ini                                                                     32 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098060.mfl                                                                     2382447 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098061.lnk                                                                     718 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098062.lnk                                                                     684 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098063.lnk                                                                     520 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098064.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098065.lnk                                                                     442 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098066.lnk                                                                     943 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098067.lnk                                                                     964 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098068.lnk                                                                     449 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098069.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098071.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098072.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098073.lnk                                                                     630 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098074.lnk                                                                     425 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098075.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098076.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098077.lnk                                                                     994 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098078.lnk                                                                     994 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098079.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098080.lnk                                                                     994 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098081.lnk                                                                     994 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098082.lnk                                                                     361 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098083.lnk                                                                     863 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098084.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098085.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098086.lnk                                                                     514 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098087.lnk                                                                     605 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098089.lnk                                                                     863 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098090.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098091.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098092.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098093.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098094.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098095.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098096.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098097.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098098.lnk                                                                     870 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098099.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098100.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098101.lnk                                                                     324 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098102.lnk                                                                     451 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098103.lnk                                                                     863 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098104.lnk                                                                     640 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098105.lnk                                                                     793 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098107.ini                                                                     150 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098108.ini                                                                     65 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098109.lnk                                                                     1853 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098110.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098111.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098112.lnk                                                                     1914 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098113.lnk                                                                     1885 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098114.lnk                                                                     1878 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098115.lnk                                                                     1853 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098116.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098117.lnk                                                                     813 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098118.lnk                                                                     1914 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098119.lnk                                                                     1885 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098120.lnk                                                                     0 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098121.cfg                                                                     958837 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098122.lnk                                                                     1712 bytes
File            C:\System Volume Information\_restore{ACF9B156-F3E1-4852-B333-2CC628745A66}\RP169\A0098123.ini                                                                     0 bytes
File            C:\UCTO\Karta DHM a DNM.xls                                                                                                                                        330240 bytes
File            C:\UCTO\Karta zsob.xls                                                                                                                                            214528 bytes
File            C:\UCTO\Kontrola vkladu od Termoinstalac3.xls                                                                                                                     32256 bytes
File            C:\UCTO\PEHLED FAKTUR A PJEMEK 2008.xls                                                                                                                         296448 bytes
File            C:\UCTO\SMLOUVA O SPOLUPRCI .2.doc                                                                                                                               62976 bytes
File            C:\UCTO\VZOR SMLOUVY O PJCE.doc                                                                                                                                  24064 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08                                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO                                                                                                                                    0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_001.png                                                                                                                        1866 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_002.png                                                                                                                        2043 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_003.png                                                                                                                        2366 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_004.png                                                                                                                        2389 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_005.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_006.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_007.png                                                                                                                        1952 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_008.png                                                                                                                        1404 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_009.png                                                                                                                        2171 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_010.png                                                                                                                        1926 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_011.png                                                                                                                        1842 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_012.png                                                                                                                        2793 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_013.png                                                                                                                        2887 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_014.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_015.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_016.png                                                                                                                        2807 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_017.png                                                                                                                        2444 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_018.png                                                                                                                        2759 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_019.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_021.png                                                                                                                        2698 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_022.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_023.png                                                                                                                        2508 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_024.png                                                                                                                        2423 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_025.png                                                                                                                        2024 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_026.png                                                                                                                        2259 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_027.png                                                                                                                        2127 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_028.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_029.png                                                                                                                        2190 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_030.png                                                                                                                        2049 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_031.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_032.png                                                                                                                        2137 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_033.png                                                                                                                        1970 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_034.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_035.png                                                                                                                        1504 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_036.png                                                                                                                        2266 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_037.png                                                                                                                        2104 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_038.png                                                                                                                        1769 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_039.png                                                                                                                        1400 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_041.png                                                                                                                        1982 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_042.png                                                                                                                        2097 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_043.png                                                                                                                        2117 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_044.png                                                                                                                        2261 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_045.png                                                                                                                        2152 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_046.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_047.png                                                                                                                        1881 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_048.png                                                                                                                        1844 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_049.png                                                                                                                        1372 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_050.png                                                                                                                        1840 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_051.png                                                                                                                        1439 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_052.png                                                                                                                        2252 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_053.png                                                                                                                        2068 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_054.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_055.png                                                                                                                        2312 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_056.png                                                                                                                        2136 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_057.png                                                                                                                        2409 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_058.png                                                                                                                        2519 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_059.png                                                                                                                        2300 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_061.png                                                                                                                        1971 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_062.png                                                                                                                        2393 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_063.png                                                                                                                        2214 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_064.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_065.png                                                                                                                        2015 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_066.png                                                                                                                        2173 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_067.png                                                                                                                        1716 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_068.png                                                                                                                        2328 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_069.png                                                                                                                        2324 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_070.png                                                                                                                        1940 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_071.png                                                                                                                        2091 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_072.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_073.png                                                                                                                        2787 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_074.png                                                                                                                        2774 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_075.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_076.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_077.png                                                                                                                        2721 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_078.png                                                                                                                        1742 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_079.png                                                                                                                        2326 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_081.png                                                                                                                        2017 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_082.png                                                                                                                        1895 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_083.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_084.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_085.png                                                                                                                        1914 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_086.png                                                                                                                        2025 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_087.png                                                                                                                        1976 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_088.png                                                                                                                        2328 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_089.png                                                                                                                        1891 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_090.png                                                                                                                        2477 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_091.png                                                                                                                        2375 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_092.png                                                                                                                        2033 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_093.png                                                                                                                        1999 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_094.png                                                                                                                        1880 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_095.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_096.png                                                                                                                        2419 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_097.png                                                                                                                        1624 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_098.png                                                                                                                        1765 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_099.png                                                                                                                        1524 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_101.png                                                                                                                        2433 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_102.png                                                                                                                        2600 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_103.png                                                                                                                        2238 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_104.png                                                                                                                        2448 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_105.png                                                                                                                        2192 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_106.png                                                                                                                        1377 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_107.png                                                                                                                        2583 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_108.png                                                                                                                        2244 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_109.png                                                                                                                        1905 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_110.png                                                                                                                        2267 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_111.png                                                                                                                        2446 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_112.png                                                                                                                        1890 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_113.png                                                                                                                        2095 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_114.png                                                                                                                        1660 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_115.png                                                                                                                        2087 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_116.png                                                                                                                        2724 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_117.png                                                                                                                        1976 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_118.png                                                                                                                        1955 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_119.png                                                                                                                        2223 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_120.png                                                                                                                        2125 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_121.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_122.png                                                                                                                        2368 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_123.png                                                                                                                        2428 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_124.png                                                                                                                        0 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_125.png                                                                                                                        1096 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_126.png                                                                                                                        1273 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_127.png                                                                                                                        907 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_128.png                                                                                                                        1178 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_129.png                                                                                                                        1117 bytes
File            C:\ZLOHA LCS\HELIOS_RED.08\ICO\rdi_130.png                                                                                                                        1173 bytes
File            C:\ZLOHA LCS\HELIOS_RED.09                                                                                                                                        0 bytes

---- EOF - GMER 1.0.15 ----
