Computer shuts down


15 replies to this topic

#1 cowboys2006


Posted 14 May 2011 - 08:50 PM

My computer keeps on shutting down almost every day. I got this when the computer turned back on:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: a
BCP1: 00000000
BCP2: 0000001B
BCP3: 00000000
BCP4: 82EB3276
OS Version: 6_0_6002
Service Pack: 2_0
Product: 768_1

Files that help describe the problem:
C:\WINDOWS\Minidump\Mini051411-01.dmp
C:\Users\DAVID\AppData\Local\temp\WER-38282-0.sysdata.xml
C:\Users\DAVID\AppData\Local\temp\WER72EC.tmp.version.txt

Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=50163&clcid=0x0409



I don't know what is causing it, but it is getting annoying. Can someone please help me with this issue?

Thank you



#2 cryptodan


Posted 14 May 2011 - 08:54 PM

We need to know more about your BSODs...

Download BlueScreenView (in Zip file)

No installation required.

Unzip the downloaded file and double-click on the BlueScreenView.exe file to run the program. When scanning is done, go to Edit > Select All.

Then go to File > Save Selected Items, and save the report as BSOD.txt.

Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

Compliments of Broni

#3 cowboys2006


Posted 14 May 2011 - 09:11 PM

==================================================
Dump File : Mini051411-01.dmp
Crash Time : 5/14/2011 7:48:45 AM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000000
Parameter 2 : 0x0000001b
Parameter 3 : 0x00000000
Parameter 4 : 0x82eb3276
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini051411-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,120
==================================================

==================================================
Dump File : Mini051011-01.dmp
Crash Time : 5/10/2011 7:30:33 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x00000024
Parameter 2 : 0x00000002
Parameter 3 : 0x00000000
Parameter 4 : 0x82ebcc9f
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini051011-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 154,912
==================================================

==================================================
Dump File : Mini042711-01.dmp
Crash Time : 4/27/2011 1:55:04 PM
Bug Check String : ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY
Bug Check Code : 0x000000fc
Parameter 1 : 0x9e8b0c24
Parameter 2 : 0x77684963
Parameter 3 : 0x9e8b0b68
Parameter 4 : 0x00000002
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18327 (vistasp2_gdr.101014-0432)
Processor : 32-bit
Computer Name :
Full Path : C:\Windows\Minidump\Mini042711-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 155,256
==================================================

#4 cryptodan


Posted 14 May 2011 - 09:15 PM

How to Test your RAM



Guide Overview

The purpose of this guide is to teach you how to check whether your system's RAM (Random Access Memory) is working properly. Bad RAM can lead to a whole host of problems, which often do not appear to have a single cause -- appearing as systemwide glitches, blue screens, and other system trouble. MemTest86+ provides a very good detection mechanism for failed RAM, and is about as good a test as you can get short of actually replacing the module itself.

Tools Needed
Please perform these steps from a separate, working machine.

Perform these steps on the problem machine.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive. If you are unable to force a CDRom boot, reply with the make and model of your machine and I should be able to get you exact instructions.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:
    Posted Image
  • If you want to be reasonably sure your RAM is OK, then allow MemTest to run until you see this message:
    Posted Image

    On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will run forever until power is pulled on the machine.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:
    Posted Image
  • Hard-Reset the machine, removing the MemTest disk in the process.
If you didn't get an error screen, Congratulations! :)

Compliments of Billy O'Neal.

#5 cowboys2006


Posted 14 May 2011 - 09:20 PM

I don't have another computer to download the program that you want me to use. Can I do it with this computer and then run the test, or do I really need a working computer? Not sure if this makes a difference.


Thank you for your help.

#6 cryptodan


Posted 14 May 2011 - 09:22 PM

You can use the computer you are using now to download that program; it will be burned to a CD.

#7 cowboys2006


Posted 15 May 2011 - 12:40 AM

OK, I have finished doing the test and it said "process complete, no errors found, press Esc to exit."

#8 cryptodan


Posted 15 May 2011 - 12:42 AM

Please perform the following, so that we can get the exact specs of your computer. This will better assist us in helping you more.

Publish a Snapshot using Speccy

The below is for those who cannot get online

Please take caution when attaching a text file to your post. If you cannot copy/paste the link to your post, you will need to edit it to make sure that your Windows Key is not present.

#9 cowboys2006


Posted 15 May 2011 - 12:48 AM

http://speccy.piriform.com/results/m5R4l8R4pB0nQnt6d7ELquW

#10 cryptodan


Posted 15 May 2011 - 12:54 AM

Hello,

And welcome to BleepingComputer.com. Before we can assist you with your question of "Am I infected?", you will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.



#11 cowboys2006


Posted 15 May 2011 - 02:47 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6582

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

5/15/2011 11:16:03 AM
mbam-log-2011-05-15 (11-16-03).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 355302
Time elapsed: 1 hour(s), 41 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)






SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/15/2011 at 01:45 PM

Application Version : 4.46.1000

Core Rules Database Version : 7060
Trace Rules Database Version: 4872

Scan type : Complete Scan
Total Scan Time : 01:10:36

Memory items scanned : 347
Memory threats detected : 0
Registry items scanned : 9732
Registry threats detected : 0
File items scanned : 62519
File threats detected : 54

Adware.Tracking Cookie
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.wsod[3].txt
ad.insightexpressai.com [ C:\Users\DAVID\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U6K5NLZ2 ]
ia.media-imdb.com [ C:\Users\DAVID\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U6K5NLZ2 ]
s0.2mdn.net [ C:\Users\DAVID\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U6K5NLZ2 ]
secure-us.imrworldwide.com [ C:\Users\DAVID\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\U6K5NLZ2 ]
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ar.atwola[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@at.atwola[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@mediabrandsww[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@segment-pixel.invitemedia[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@user.lucidmedia[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@stats.paypal[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@adxpose[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ad.wsod[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@revsci[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@e-2dj6wjlyugc5klp.stats.esomniture[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@a1.interclick[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@legolas-media[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@tacoda.at.atwola[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@stats4.clicktracks[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.monster[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@www.sjdiscounttools[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@sjdiscounttools[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@sjdiscounttools[3].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@sales.liveperson[3].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@sales.liveperson[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[3].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[7].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[4].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[5].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@invitemedia[6].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@simplehitcounter[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@clickfuse[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@www.googleadservices[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@media2.legacy[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@www.googleadservices[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@adserver.adtechus[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@edgeadx[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.undertone[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@kontera[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@insightexpressai[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@g-pixel.invitemedia[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@ads.webkinz[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@media.adfrontiers[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@service.liveperson[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@yieldmanager[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@collective-media[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[6].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[5].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[3].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@liveperson[1].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@interclick[2].txt
C:\Users\DAVID\AppData\Roaming\Microsoft\Windows\Cookies\david@media6degrees[2].txt

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-15 14:40:32
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000005b WDC_WD50 rev.12.0
Running: begq53om.exe; Driver: C:\Users\DAVID\AppData\Local\Temp\pxldapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E58B9CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E58DEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E58DF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E58E01A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E58DE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E58DF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E58DE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E58DFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E58B9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E58B7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E58BA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E58E412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E58C4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E58DEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E58DF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E58E044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E58DE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E58DF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E58DE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E58DFF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E58C370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E58BA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E58BA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E58B812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E58B94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E58B92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E58B972]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x904E9620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E58BA7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x905828DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82EAC890 4 Bytes [CA, B9, 58, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D1 82EAC954 8 Bytes [AC, DE, 58, 8E, 04, DF, 58, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 82EAC960 4 Bytes [1A, E0, 58, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1F5 82EAC978 4 Bytes [02, DE, 58, 8E]
.text ntkrnlpa.exe!KeSetEvent + 215 82EAC998 8 Bytes [54, DF, 58, 8E, 56, DE, 58, ...] {PUSH ESP; FISTP WORD [EAX-0x72]; PUSH ESI; FICOMP WORD [EAX-0x72]}
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82FD75C7 5 Bytes JMP 9057E29E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 830304F3 5 Bytes JMP 9057FD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 83039E18 4 Bytes CALL 8E58CE3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8303DA8C 4 Bytes CALL 8E58CE51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 83091DAE 7 Bytes JMP 905828E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[124] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[124] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[124] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[124] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001C00A8
.text C:\Windows\system32\svchost.exe[124] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001C00E4
.text C:\Windows\system32\svchost.exe[124] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 001C0120
.text C:\Windows\system32\svchost.exe[124] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 001C0030
.text C:\Windows\system32\svchost.exe[124] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 001C006C
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\Dwm.exe[312] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\Dwm.exe[312] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\Dwm.exe[312] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Windows\Explorer.EXE[568] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\Explorer.EXE[568] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\Explorer.EXE[568] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\Explorer.EXE[568] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\Explorer.EXE[568] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\Explorer.EXE[568] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\Explorer.EXE[568] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\Explorer.EXE[568] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00040030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0004006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0006006C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000600A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000601D4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000600E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00060120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0006015C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00060198
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00060030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[588] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0007006C
.text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\wininit.exe[660] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\wininit.exe[660] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000600A8
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00060120
.text C:\Windows\system32\wininit.exe[660] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\wininit.exe[660] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0006006C
.text C:\Windows\system32\services.exe[704] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\services.exe[704] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\services.exe[704] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\services.exe[704] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\services.exe[704] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\services.exe[704] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsass.exe[720] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsass.exe[720] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\lsass.exe[720] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\lsass.exe[720] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\lsm.exe[732] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\lsm.exe[732] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00030030
.text C:\Windows\system32\winlogon.exe[800] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0003006C
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0005006C
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000500A8
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000501D4
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000500E4
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00050120
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0005015C
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00050198
.text C:\Windows\system32\winlogon.exe[800] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00050030
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000600A8
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000600E4
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00060120
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00060030
.text C:\Windows\system32\winlogon.exe[800] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0006006C
.text C:\WINDOWS\RtHDVCpl.exe[904] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\WINDOWS\RtHDVCpl.exe[904] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0017006C
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001700A8
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001701D4
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001700E4
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00170120
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0017015C
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00170198
.text C:\WINDOWS\RtHDVCpl.exe[904] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00170030
.text C:\WINDOWS\RtHDVCpl.exe[904] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001800A8
.text C:\WINDOWS\RtHDVCpl.exe[904] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001800E4
.text C:\WINDOWS\RtHDVCpl.exe[904] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00180120
.text C:\WINDOWS\RtHDVCpl.exe[904] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00180030
.text C:\WINDOWS\RtHDVCpl.exe[904] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\nvvsvc.exe[976] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[976] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001801D4
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0018015C
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00180198
.text C:\Windows\system32\nvvsvc.exe[976] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[976] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001900A8
.text C:\Windows\system32\nvvsvc.exe[976] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001900E4
.text C:\Windows\system32\nvvsvc.exe[976] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00190120
.text C:\Windows\system32\nvvsvc.exe[976] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00190030
.text C:\Windows\system32\nvvsvc.exe[976] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0019006C
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001500A8
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001500E4
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00150120
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00150030
.text C:\Windows\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0015006C
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001200A8
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001200E4
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00120120
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00120030
.text C:\Windows\System32\svchost.exe[1060] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0012006C
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000D00A8
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000D00E4
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 000D0120
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 000D0030
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 000D006C
.text C:\Windows\system32\taskeng.exe[1140] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00080030
.text C:\Windows\system32\taskeng.exe[1140] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0008006C
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 000A006C
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000A00A8
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000A01D4
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000A00E4
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 000A0120
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 000A015C
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 000A0198
.text C:\Windows\system32\taskeng.exe[1140] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 000A0030
.text C:\Windows\system32\taskeng.exe[1140] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000B00A8
.text C:\Windows\system32\taskeng.exe[1140] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000B00E4
.text C:\Windows\system32\taskeng.exe[1140] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 000B0120
.text C:\Windows\system32\taskeng.exe[1140] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 000B0030
.text C:\Windows\system32\taskeng.exe[1140] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 000B006C
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\System32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\System32\svchost.exe[1164] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 00DC00A8
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 00DC00E4
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00DC0120
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00DC0030
.text C:\Windows\System32\svchost.exe[1164] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 00DC006C
.text C:\Windows\System32\spoolsv.exe[1176] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00090030
.text C:\Windows\System32\spoolsv.exe[1176] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0009006C
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 000B006C
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000B00A8
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 000B0120
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 000B015C
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 000B0198
.text C:\Windows\System32\spoolsv.exe[1176] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 000B0030
.text C:\Windows\System32\spoolsv.exe[1176] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 009E00A8
.text C:\Windows\System32\spoolsv.exe[1176] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 009E00E4
.text C:\Windows\System32\spoolsv.exe[1176] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 009E0120
.text C:\Windows\System32\spoolsv.exe[1176] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 009E0030
.text C:\Windows\System32\spoolsv.exe[1176] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 009E006C
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\unsecapp.exe[1180] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\unsecapp.exe[1180] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\unsecapp.exe[1180] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\unsecapp.exe[1180] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\unsecapp.exe[1180] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\unsecapp.exe[1180] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00090030
.text C:\Windows\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0009006C
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 000B006C
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000B00A8
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000B01D4
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000B00E4
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 000B0120
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 000B015C
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 000B0198
.text C:\Windows\system32\svchost.exe[1184] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 000B0030
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001D00A8
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001D00E4
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 001D0120
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 001D0030
.text C:\Windows\system32\svchost.exe[1184] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 001D006C
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1328] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\wbem\wmiprvse.exe[1336] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1412] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1412] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 00A500A8
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 00A500E4
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00A50120
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00A50030
.text C:\Windows\system32\svchost.exe[1412] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 00A5006C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0017006C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001700A8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00170120
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0017015C
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00170198
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00170030
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001800A8
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001800E4
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00180120
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00180030
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1496] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\nvvsvc.exe[1516] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Windows\system32\nvvsvc.exe[1516] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0017006C
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001700A8
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001701D4
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001700E4
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00170120
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0017015C
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00170198
.text C:\Windows\system32\nvvsvc.exe[1516] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00170030
.text C:\Windows\system32\nvvsvc.exe[1516] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001800A8
.text C:\Windows\system32\nvvsvc.exe[1516] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001800E4
.text C:\Windows\system32\nvvsvc.exe[1516] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00180120
.text C:\Windows\system32\nvvsvc.exe[1516] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00180030
.text C:\Windows\system32\nvvsvc.exe[1516] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0018006C
.text C:\Windows\system32\svchost.exe[1660] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[1660] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001400A8
.text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001400E4
.text C:\Windows\system32\svchost.exe[1660] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00140120
.text C:\Windows\system32\svchost.exe[1660] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00140030
.text C:\Windows\system32\svchost.exe[1660] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0014006C
.text C:\Windows\system32\WUDFHost.exe[1972] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\WUDFHost.exe[1972] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\WUDFHost.exe[1972] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Windows\system32\WUDFHost.exe[1972] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Windows\system32\WUDFHost.exe[1972] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Windows\system32\WUDFHost.exe[1972] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Windows\system32\WUDFHost.exe[1972] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Windows\system32\WUDFHost.exe[1972] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[2008] kernel32.dll!SetUnhandledExceptionFilter 76D3A84F 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001700A8
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001700E4
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00170120
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00170030
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0017006C
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0018006C
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001800A8
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001801D4
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001800E4
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00180120
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0018015C
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00180198
.text C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe[2092] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00180030
.text C:\WINDOWS\ModPS2Key.exe[2164] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\WINDOWS\ModPS2Key.exe[2164] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\WINDOWS\ModPS2Key.exe[2164] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001700A8
.text C:\WINDOWS\ModPS2Key.exe[2164] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001700E4
.text C:\WINDOWS\ModPS2Key.exe[2164] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00170120
.text C:\WINDOWS\ModPS2Key.exe[2164] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00170030
.text C:\WINDOWS\ModPS2Key.exe[2164] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0017006C
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0018006C
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001800A8
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001801D4
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001800E4
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00180120
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0018015C
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00180198
.text C:\WINDOWS\ModPS2Key.exe[2164] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00180030
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0036006C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 003600A8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 003601D4
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 003600E4
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00360120
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0036015C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00360198
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00360030
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 003700A8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 003700E4
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00370120
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00370030
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0037006C
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00330030
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0033006C
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0035006C
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 003500A8
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 003501D4
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 003500E4
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 3 Bytes JMP 00350120
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!ChangeServiceConfigW + 4 76BC6F85 1 Byte [89]
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0035015C
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00350198
.text C:\Program Files\uTorrent\uTorrent.exe[2592] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00350030
.text C:\Program Files\uTorrent\uTorrent.exe[2592] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 003600A8
.text C:\Program Files\uTorrent\uTorrent.exe[2592] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 003600E4
.text C:\Program Files\uTorrent\uTorrent.exe[2592] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00360120
.text C:\Program Files\uTorrent\uTorrent.exe[2592] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00360030
.text C:\Program Files\uTorrent\uTorrent.exe[2592] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0036006C
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 001A006C
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001A00A8
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001A01D4
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001A00E4
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 001A0120
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 001A015C
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 001A0198
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 001A0030
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001B00A8
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001B00E4
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 001B0120
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 001B0030
.text C:\Users\DAVID\Downloads\begq53om.exe[2612] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 001B006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[2688] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\WINDOWS\ehome\ehtray.exe[2724] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\WINDOWS\ehome\ehtray.exe[2724] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\WINDOWS\ehome\ehtray.exe[2724] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\WINDOWS\ehome\ehtray.exe[2724] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000800A8
.text C:\WINDOWS\ehome\ehtray.exe[2724] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000800E4
.text C:\WINDOWS\ehome\ehtray.exe[2724] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00080120
.text C:\WINDOWS\ehome\ehtray.exe[2724] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00080030
.text C:\WINDOWS\ehome\ehtray.exe[2724] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0008006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0029006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 002900A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 002901D4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 002900E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00290120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0029015C
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00290198
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00290030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 002A00A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 002A00E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 002A0120
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 002A0030
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2784] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 002A006C
.text C:\Windows\ehome\ehmsas.exe[2856] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00040030
.text C:\Windows\ehome\ehmsas.exe[2856] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0004006C
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0006006C
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000600A8
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000601D4
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000600E4
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00060120
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0006015C
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00060198
.text C:\Windows\ehome\ehmsas.exe[2856] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00060030
.text C:\Windows\ehome\ehmsas.exe[2856] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 000700A8
.text C:\Windows\ehome\ehmsas.exe[2856] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 000700E4
.text C:\Windows\ehome\ehmsas.exe[2856] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00070120
.text C:\Windows\ehome\ehmsas.exe[2856] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00070030
.text C:\Windows\ehome\ehmsas.exe[2856] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0007006C
.text C:\Windows\System\w98eject.exe[2872] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00140030
.text C:\Windows\System\w98eject.exe[2872] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0014006C
.text C:\Windows\System\w98eject.exe[2872] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001600A8
.text C:\Windows\System\w98eject.exe[2872] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001600E4
.text C:\Windows\System\w98eject.exe[2872] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00160120
.text C:\Windows\System\w98eject.exe[2872] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00160030
.text C:\Windows\System\w98eject.exe[2872] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0016006C
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0018006C
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001800A8
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001801D4
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001800E4
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00180120
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0018015C
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00180198
.text C:\Windows\System\w98eject.exe[2872] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00180030
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00170030
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0017006C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001800A8
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001801D4
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001800E4
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00180120
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0018015C
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00180198
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[2900] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00180030
.text C:\Windows\system32\svchost.exe[2920] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00050030
.text C:\Windows\system32\svchost.exe[2920] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0005006C
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0007006C
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 000700A8
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 000701D4
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 000700E4
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00070120
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0007015C
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00070198
.text C:\Windows\system32\svchost.exe[2920] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00070030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!CreateServiceW 76B89EB4 5 Bytes JMP 0017006C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!DeleteService 76B8A07E 5 Bytes JMP 001700A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 76BC6CD9 5 Bytes JMP 001701D4
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 76BC6DD9 5 Bytes JMP 001700E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 76BC6F81 5 Bytes JMP 00170120
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 76BC7099 5 Bytes JMP 0017015C
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 76BC71E1 5 Bytes JMP 00170198
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] ADVAPI32.dll!CreateServiceA 76BC72A1 5 Bytes JMP 00170030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001800A8
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001800E4
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00180120
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00180030
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[2948] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 0018006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] ntdll.dll!LdrLoadDll 772C93A8 5 Bytes JMP 00150030
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] ntdll.dll!LdrUnloadDll 772DB740 5 Bytes JMP 0015006C
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] USER32.dll!SetWindowsHookExA 75E96322 5 Bytes JMP 001700A8
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] USER32.dll!SetWindowsHookExW 75E987AD 5 Bytes JMP 001700E4
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] USER32.dll!UnhookWindowsHookEx 75E998DB 5 Bytes JMP 00170120
.text C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe[3040] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 00170030
.text C:\Windows\system32\taskeng.exe[5368] USER32.dll!SetWinEventHook 75E99F3A 5 Bytes JMP 000B0030
.text C:\Windows\system32\taskeng.exe[5368] USER32.dll!UnhookWinEvent 75E9C06F 5 Bytes JMP 000B006C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74137817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7418A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7413BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7412F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [741375E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7412E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74168395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7413DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7412FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7412FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [741271CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [741BCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7415C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7412D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74126853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7412687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[568] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74132AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [03922F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [03922CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [03922C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [03922CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[2556] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a934a8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a934a8@60d0a98fa590 0x2B 0x6A 0x7A 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a934a8@0026baf481c7 0x3F 0xE4 0x41 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a934a8@00044819880f 0x26 0xB7 0xFD 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a934a8@68ebae4d0ef6 0x96 0xA5 0xFD 0x13 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000272a934a8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000272a934a8@60d0a98fa590 0x2B 0x6A 0x7A 0xF5 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000272a934a8@0026baf481c7 0x3F 0xE4 0x41 0xBF ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000272a934a8@00044819880f 0x26 0xB7 0xFD 0x74 ...
Reg HKLM\SYSTEM\ControlSet010\Services\BTHPORT\Parameters\Keys\000272a934a8@68ebae4d0ef6 0x96 0xA5 0xFD 0x13 ...

---- EOF - GMER 1.0.15 ----

#12 cryptodan

Posted 15 May 2011 - 06:07 PM

All I saw were tracking cookies and stuff.

Have you tried making sure that everything was updated driver-wise?

#13 cowboys2006

Posted 15 May 2011 - 06:49 PM

Yeah, everything has been updated on the computer. I have the auto Windows Update thing that it doesn't by itself.

Any idea what it could be?

#14 cryptodan

Posted 15 May 2011 - 06:53 PM

Heat and possible shorts can cause issues like this.

#15 cowboys2006

Posted 15 May 2011 - 06:58 PM

So you think that it could possibly be that my computer is overheating, and it shuts down to protect it?



