Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Post Virus Only Safe Mode works


  • This topic is locked This topic is locked
16 replies to this topic

#1 jillsocean

jillsocean

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 15 May 2011 - 12:17 PM

Hi there,
I have post-virus (trojan horse) removal problems. In normal start mode I can get the desktop but no programs start and Control Alt Delete does nothing. Safe mode does work. I can see someone posted a similar problem (hello4 virus post) and there are some standard steps to take, which I will do, and post the log.

Two questions first: I ran an avast scan and about twenty files were quarantined. Should I unquartantine them before running the new programs that you recommend? Can I do all of this in safe mode?
Thanks in advance-Jill

Edited by Orange Blossom, 15 May 2011 - 03:04 PM.
Move to AII from XP. ~ OB


BC AdBot (Login to Remove)

 


#2 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:37 AM

Posted 15 May 2011 - 12:23 PM

Try this: http://download.bleepingcomputer.com/grinler/unhide.exe

#3 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 15 May 2011 - 02:30 PM

I ran unhide.exe in safe mode. The next start up froze on one user profile. The second user profile (created in the middle of the problem) started up, I was able to open Mozilla Firefox, but it hung up on the first page I tried to load, and now nothing is opening or closing, and Cont.Alt.Del. is not working. Pleae let me know if it would help to start from scratch in describing my OS, symptoms, and efforts taken thus far.

Thanks so much for taking the time to help. Jill

#4 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 15 May 2011 - 05:21 PM

Since I have a time right now, I'll post a little more info:
OS is Windows XP Media Edition
PC is an HP Media Center desktop

Problem history (it is a bit of a blur now, so the order of things could be off):
- Running AVG and McAfee with daily scans.
- A few days ago my husband tried to download an image off the internet, and both anti-virus programs alerted to a problem.
- We ran a virus scan and AVG found a generic trojan horse, put it in quarantine.
- Things seemed to get progressively worse. PC would startup, but icons did not have programs associated with them. We had to use the Associate Program dialogue box to find programs, sometimes two or three times.
- AVG didn't find anything else.
- Downloaded Avast, it found about twenty problems, mostly .dll, all in quarantine now.
- Upon startup, AppleSync window would say CoreFoundation.dll not found.
- Then nothing seemed to work - no programs would open after startup,including control-alt-delete.
- Tried dougknox.com Windows XP file extension fix, for .exe files (edits the registry I believe). (I am not implying that was the problem)
- Only safe mode works now.
- I tried starting up with Last Known Good Configuration, and that worked once or twice, then quick crashes. I had a very brief improvement using unhide.exe, as described in the post above.

Any help you can give would be very much appreciated. I can only run new programs in Safe Mode. If I am advised to run something, please let me know if it matters which user I am logged in as.

Thanks in advance - Jill

#5 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:37 AM

Posted 15 May 2011 - 05:42 PM

Hello,

And welcome to BleepingComputer.com, before we can assist you with your question of: Am I infected? You will need to perform the following tasks and post the logs of each if you can.

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
Download Link 1
Download Link 2MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


SUPERAntiSpyware:

Please download and scan with SUPERAntiSpyware Free

  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Prgrams > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Instructions:

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.


Now GMER

GMER does not work in 64bit Mode!!!!!!

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



#6 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 18 May 2011 - 10:42 AM

Hi again,
Thanks for taking the time to help me. It took a few days to get all of the scans completed, as I had trouble with GMER in safe mode. Luckily, the regular start up is working again, although everything is moving slow. Thanks again, and I look forward to your reply. I dont' see how to attach files, so I will try to break this into two posts. Jill

MBAM
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6586

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 7.0.5730.13



5/15/2011 6:15:25 PM
mbam-log-2011-05-15 (18-15-25).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 527533
Time elapsed: 1 hour(s), 45 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\jym.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

SUPERANTISPYWARE

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/16/2011 at 10:39 AM

Application Version : 4.51.1000

Core Rules Database Version : 7062
Trace Rules Database Version: 4874

Scan type : Complete Scan
Total Scan Time : 15:47:36

Memory items scanned : 242
Memory threats detected : 0
Registry items scanned : 8985
Registry threats detected : 12
File items scanned : 329947
File threats detected : 212

System.BrokenFileAssociation
HKCR\.exe

Adware.DoubleD
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid32
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib#Version

Adware.Tracking Cookie
2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
acvs.mediaonenetwork.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
adsatt.espn.go.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
bannerfarm.ace.advertising.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
banners.securedataimages.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
broadcast.piximedia.fr [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
cdn.eyewonder.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
cdn.insights.gravity.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
cdn.media.abc.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
cdn4.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
cloudfront.mediamatters.org [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
content3.pornkolt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
core.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
ds.serving-sys.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
easytrack.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
bleepedhard18.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
googleads.g.doubleclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
ia.media-imdb.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
img-cdn.mediaplex.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
interclick.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
m.uk.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
m1.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
macromedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.foxsports.com.au [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.ign.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.jambocast.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.kens5.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.keyt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.mtvnservices.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.npr.org [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.oprah.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.perthnow.com.au [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.scanscout.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.scrippsnewspapers.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.tattomedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.vmixcore.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media.wfaa.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media01.kyte.tv [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media1.break.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
media1.surfline.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
mediaonenetwork.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
msnbcmedia.msn.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
multistats.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
naiadsystems.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
newmedia.kcrw.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
objects.tremormedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
oddcast.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
pornotube.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
richmedia247.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
s0.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
secure-uk.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
spe.atdmt.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
sprout.channelfinder.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
static.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
stmedia.startribune.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
track.webgains.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
udn.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
www.cracker.co.za [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
www.naiadsystems.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
www.porntube.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
www.xxxmsncam.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
xxxbunker.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
yieldmanager.edgesuite.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\5M8R4G54 ]
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@ads.bridgetrack[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@ads.pointroll[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@data.coremetrics[1].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@insightexpressai[2].txt
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Cookies\hp_administrator@surfline.112.2o7[1].txt
.jandersencorp.112.2o7.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.doubleclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.statcounter.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.apmebf.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.mediaplex.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.247realmedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.fastclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.cgm.adbureau.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.cgm.adbureau.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.cgm.adbureau.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.casalemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.specificclick.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.avgtechnologies.112.2o7.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
statse.webtrendslive.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.imrworldwide.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.advertising.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.media6degrees.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adecn.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.interclick.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.www.burstnet.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.burstnet.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adbrite.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
user.lucidmedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.pro-market.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
segment-pixel.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.ru4.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.atdmt.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.dmtracker.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.richmedia.yahoo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.lucidmedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.collective-media.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.trafficmp.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.tacoda.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.at.atwola.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.adserver.adtechus.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.zedo.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
ad.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.content.yieldmanager.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
pixel.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.invitemedia.com [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
.revsci.net [ C:\Documents and Settings\Trey\Application Data\Mozilla\Firefox\Profiles\mp9ctfrj.default\cookies.sqlite ]
C:\Documents and Settings\Trey\Cookies\trey@avgtechnologies.112.2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.zanox[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adecn[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.bootcampmedia[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.doubleagent[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@ads.lucidmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@adserver.adtechus[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@apmebf[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@at.atwola[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@cache.trafficmp[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@crackle[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@linotraffic[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@media6degrees[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@network.realmedia[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[4].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@rotator.adjuggler[5].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@statcounter[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@swi-adserver[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@teen[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.burstbeacon[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@www.burstnet[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@yellowlinebanner[2].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\system@zanox[2].txt

#7 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 18 May 2011 - 11:41 AM

I will try to post the first half of the GMER log (I don't see any way tot attach the file).

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-18 05:55:58
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3000JS-60PDB0 rev.21.00M21
Running: o9vm8fik.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uwlcaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB1D94202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB1DFACB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB1DB86C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB1D9681C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB1D96874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB1D9698A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB1DB8075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB1D96772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB1D968C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB1D967C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB1D96938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB1D94226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB1DB8D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB1DB903D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB1D96C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1DB8BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1DB8A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB1DFAD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB1D93FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB1D9424A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB1D96D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB1D94CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB1D9684C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB1D9689C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB1D969B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB1DB83D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB1D9679E]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xBA2DA6C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB1D96904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB1D967F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB1D96B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB1D96962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB1DFADFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB1DB88D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB1D94BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB1DB872A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB1E03E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB1DB76E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB1D9426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB1D94292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB1D9404A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB1D94186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB1DB8E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB1D94162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB1D941AA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xBA2DA770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xBA2DA810]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB1D942B6]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xBA2DA8B0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1E10902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 76, DB, B1]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B1D95335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B1E0C2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B1E0DD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B1E10906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8F92360, 0x20574D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B1D97CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B1D97BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B1D96F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B1D97E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B1D98040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B1D97B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B1D96FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B1D971AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B1D97352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B1D96E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B1D97C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B1D97F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B1D9732A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B1D96E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B1D97D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B1D9706A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B1D970DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B1D97114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B1D96DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B1D96F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B1D97034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B1D9746C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B1D97EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\WINDOWS\system32\drivers\sbapifs.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\arservice.exe[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\arservice.exe[276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\arservice.exe[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\arservice.exe[276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\arservice.exe[276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\arservice.exe[276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\arservice.exe[276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\arservice.exe[276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\arservice.exe[276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\arservice.exe[276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[364] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\AVG\AVG10\avgwdsvc.exe[388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[496] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[496] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[496] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[496] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[496] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[496] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[496] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\eHome\ehSched.exe[516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[516] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[516] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\System32\smss.exe[740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\AVG\AVG10\avgchsvx.exe[796] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!SetWindowsHookExW 7E42820F 3 Bytes JMP 01CE0804
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!SetWindowsHookExW + 4 7E428213 1 Byte [83]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01CE0A08
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01CE0600
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01CE01F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01CE03FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01CF1014
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01CF0804
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01CF0A08
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01CF0C0C
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01CF0E10
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 01CF01F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01CF03FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01CF0600
.text C:\WINDOWS\system32\csrss.exe[988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[988] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[1048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1072] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1072] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DISC\DiscUpdMgr.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DiscUpdMgr.exe[1276] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[1476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[1476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[1476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[1476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[1476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[1476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[1476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[1544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[1544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1684] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00461014
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00460804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00460A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00460C0C
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00460E10
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004601F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004603FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00460600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00470804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00470A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00470600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004701F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[2248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004703FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[2384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2412] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2412] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2412] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00BC1014
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00BC0804
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00BC0A08
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00BC0C0C
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00BC0E10
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00BC01F8
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00BC03FC
.text C:\Program Files\AVG\AVG10\avgnsx.exe[2444] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00BC0600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[2548] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2548] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2548] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2548] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2548] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2548] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2548] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2548] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2548] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Documents and Settings\HP_Administrator\Desktop\o9vm8fik.exe[2980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\o9vm8fik.exe[2980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ntdll.dll!LdrLoadDll

#8 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 18 May 2011 - 11:43 AM

And here is the second half (please advise on how to attach if that is what you prefer). Thanks very much for your help. Jill

7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2988] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00591014
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00590804
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00590A08
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00590C0C
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00590E10
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005901F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005903FC
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00590600
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005A0804
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005A0A08
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005A0600
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005A01F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005A03FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[3120] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\wscntfy.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Messenger\msmsgs.exe[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[3256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[3256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Messenger\msmsgs.exe[3256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Messenger\msmsgs.exe[3256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Messenger\msmsgs.exe[3256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Messenger\msmsgs.exe[3256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Messenger\msmsgs.exe[3256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Messenger\msmsgs.exe[3256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[3312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[3312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[3312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[3312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[3312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[3312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[3312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\HP\KBD\KBD.EXE[3336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\HP\KBD\KBD.EXE[3336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\HP\KBD\KBD.EXE[3336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\HP\KBD\KBD.EXE[3336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\HP\KBD\KBD.EXE[3336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\HP\KBD\KBD.EXE[3336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\HP\KBD\KBD.EXE[3336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\HP\KBD\KBD.EXE[3336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\HP\KBD\KBD.EXE[3336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\HP\KBD\KBD.EXE[3336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\QTTask.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\QuickTime\QTTask.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\QuickTime\QTTask.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\QuickTime\QTTask.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\QuickTime\QTTask.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\QuickTime\QTTask.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\QuickTime\QTTask.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\QuickTime\QTTask.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\QuickTime\QTTask.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\QTTask.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3508] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E50804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E50A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E50600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E503FC
.text c:\windows\system\hpsysdrv.exe[3616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text c:\windows\system\hpsysdrv.exe[3616] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\windows\system\hpsysdrv.exe[3616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text c:\windows\system\hpsysdrv.exe[3616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\windows\system\hpsysdrv.exe[3616] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text c:\windows\system\hpsysdrv.exe[3616] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text c:\windows\system\hpsysdrv.exe[3616] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text c:\windows\system\hpsysdrv.exe[3616] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text c:\windows\system\hpsysdrv.exe[3616] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Skype\Phone\Skype.exe[3740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Skype\Phone\Skype.exe[3740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Skype\Phone\Skype.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Skype\Phone\Skype.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Skype\Phone\Skype.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Skype\Phone\Skype.exe[3740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Skype\Phone\Skype.exe[3740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\ehome\ehtray.exe[3788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[3788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[3788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[3788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[3788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[3788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[3788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\ehome\ehtray.exe[3788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[3788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\ehome\ehtray.exe[3788] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3824] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\RTHDCPL.EXE[3924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[3924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[3924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[3924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[3924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[3924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[3924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[3924] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ARPWRMSG.EXE[3932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ARPWRMSG.EXE[3932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ARPWRMSG.EXE[3932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ARPWRMSG.EXE[3932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ARPWRMSG.EXE[3932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ARPWRMSG.EXE[3932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ARPWRMSG.EXE[3932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe[3964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4D9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3527F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E352777 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3527BB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E352703 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E35273D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352831 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E20178A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4088] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3529F3 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[4220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[4220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[4220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[4220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[4220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[4220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[4220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\lxcrcoms.exe[4252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[4276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DISC\DiscStreamHub.exe[4328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DiscStreamHub.exe[4328] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgcsrvx.exe[4400] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DISCover.exe[4920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\DISC\DISCover.exe[4920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DISCover.exe[4920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\DISC\DISCover.exe[4920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\DISC\DISCover.exe[4920] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Program Files\DISC\DISCover.exe[4920] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00560804
.text C:\Program Files\DISC\DISCover.exe[4920] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00560A08
.text C:\Program Files\DISC\DISCover.exe[4920] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00560600
.text C:\Program Files\DISC\DISCover.exe[4920] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005601F8
.text C:\Program Files\DISC\DISCover.exe[4920] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005603FC
.text C:\Program Files\AVG\AVG10\avgrsx.exe[5236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[5492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1072] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

---- EOF - GMER 1.0.15 ----

#9 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:37 AM

Posted 18 May 2011 - 11:51 AM

Can you run the scans in regular mode now?

#10 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 18 May 2011 - 11:55 AM

Hi there,
Wil do. I ran GMER in regular mode (results provided below), so I should be able to run the other two.
Jill

#11 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 19 May 2011 - 09:16 AM

Hi again,
I am still able to boot normally and things seem to be running a bit faster, but still slow. I am already very appreciative this improvement. Also, when I booted up to start Malwarebyte and SuperSpy, AVG ran on its own and found two viruses. I pasted the results at the bottom. - Jill
Here is the Malaware Log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6612

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5/18/2011 8:16:11 PM
mbam-log-2011-05-18 (20-16-11).txt



Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 531394
Time elapsed: 4 hour(s), 37 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

and SUPER
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/19/2011 at 05:43 AM

Application Version : 4.52.1000

Core Rules Database Version : 7062
Trace Rules Database Version: 4874

Scan type : Complete Scan
Total Scan Time : 09:17:13

Memory items scanned : 747
Memory threats detected : 0
Registry items scanned : 8992
Registry threats detected : 1
File items scanned : 330339
File threats detected : 6

System.BrokenFileAssociation
HKCR\.exe

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kontera[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.bleepingcomputer[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[2].txt

FROM AVG
Scan "Scheduled scan" completed.
Infections;"2";"2";"0"
Folders selected for scanning:;"Whole computer scan"
Scan started:;"Thursday, May 19, 2011, 2:00:05 AM"
Scan finished:;"Thursday, May 19, 2011, 3:53:11 AM (1 hour(s) 53 minute(s) 5 second(s))"
Total object scanned:;"1059474"
User who launched the scan:;"SYSTEM"

Infections
;"File";"Infection";"Result"
;"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1636\A0152248.exe:\A0152248.exe";"Virus found Win32/Heur";"Moved to Virus Vault"
;"C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP1636\A0152248.exe";"Virus found Win32/Heur.dropper";"Moved to Virus Vault"

#12 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:37 AM

Posted 19 May 2011 - 02:03 PM

Can you re-run gmer?

#13 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 19 May 2011 - 11:30 PM

New GMER LOG - First half
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-19 21:24:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD3000JS-60PDB0 rev.21.00M21
Running: o9vm8fik.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\uwlcaaoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB1B43202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB1BA9CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB1B676C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB1B4581C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB1B45874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB1B4598A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB1B67075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB1B45772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB1B458C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB1B457C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB1B45938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB1B43226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB1B67D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB1B6803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB1B45C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB1B67BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB1B67A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB1BA9D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB1B42FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB1B4324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB1B45D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB1B43CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB1B4584C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB1B4589C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB1B459B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB1B673D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB1B4579E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB1B45A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB1B45904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB1B457F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB1B45B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB1B45962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB1BA9DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB1B678D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB1B43BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB1B6772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB1BB2E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB1B666E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB1B4326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB1B43292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB1B4304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB1B43186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB1B67E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB1B43162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB1B431AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB1B432B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB1BBF902]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F14 805047B0 4 Bytes [E8, 66, B6, B1]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL B1B44335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP B1BBB2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP B1BBCD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP B1BBF906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D3F360, 0x20574D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B1B46CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B1B46BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B1B45F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B1B46E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B1B47040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B1B46B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B1B45FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B1B461AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B1B46352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B1B45E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B1B46C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B1B46F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B1B4632A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B1B45E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B1B46D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B1B4606A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B1B460DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B1B46114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B1B45DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B1B45F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B1B46034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B1B4646C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B1B46EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\WINDOWS\system32\drivers\sbapifs.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[148] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\lxcrcoms.exe[276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lxcrcoms.exe[276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\lxcrcoms.exe[276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\lxcrcoms.exe[276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\lxcrcoms.exe[276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\lxcrcoms.exe[276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\lxcrcoms.exe[276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\arservice.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\arservice.exe[528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\arservice.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\arservice.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\arservice.exe[528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\arservice.exe[528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\arservice.exe[528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\arservice.exe[528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\arservice.exe[528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\arservice.exe[528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\iPod\bin\iPodService.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\Explorer.EXE[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[620] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[620] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[620] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[620] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\1.3.21.53\GoogleCrashHandler.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\smss.exe[736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgchsvx.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgrsx.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[972] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[1004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[1004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[1004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[1052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[1064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\ehtray.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[1504] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[1504] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[1504] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\WINDOWS\ehome\ehtray.exe[1504] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[1504] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\ehome\ehtray.exe[1504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\RTHDCPL.EXE[2064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[2064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[2064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\RTHDCPL.EXE[2064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\RTHDCPL.EXE[2064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\RTHDCPL.EXE[2064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\RTHDCPL.EXE[2064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\RTHDCPL.EXE[2064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ARPWRMSG.EXE[2076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ARPWRMSG.EXE[2076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ARPWRMSG.EXE[2076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ARPWRMSG.EXE[2076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ARPWRMSG.EXE[2076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ARPWRMSG.EXE[2076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ARPWRMSG.EXE[2076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[2128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[2232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[2252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\eHome\ehSched.exe[2296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[2296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[2296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[2296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[2296] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[2296] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[2296] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[2296] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] USER32.dll!SetWindowsHookExW

#14 jillsocean

jillsocean
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:05:37 AM

Posted 19 May 2011 - 11:31 PM

Second half:
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[2488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DISC\DiscStreamHub.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DiscStreamHub.exe[2536] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2556] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\nvsvc32.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\nvsvc32.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\nvsvc32.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\nvsvc32.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\nvsvc32.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\nvsvc32.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2736] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00661014
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00660804
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00660A08
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00660C0C
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00660E10
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006601F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006603FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00660600
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00670804
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00670A08
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00670600
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006701F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe[2772] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006703FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe[2784] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe[2816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[2972] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe[3084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe[3124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00461014
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00460804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00460A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00460C0C
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00460E10
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004601F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004603FC
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00460600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00470804
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00470A08
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00470600
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004701F8
.text C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004703FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Lexmark 2400 Series\lxcrmon.exe[3204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Nikon\NkView6\NkvMon.exe[3208] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00591014
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00590804
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00590A08
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00590C0C
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00590E10
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005901F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005903FC
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00590600
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005A0804
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005A0A08
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005A0600
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005A01F8
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[3232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005A03FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe[3288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\alg.exe[3308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[3308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[3308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[3308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[3308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[3308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Olympus\ib\olycamdetect.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\svchost.exe[3456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[3456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[3456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[3456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[3456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[3456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[3456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[3456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\AVG\AVG10\avgtray.exe[3468] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3528] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\QuickTime\QTTask.exe[3592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\QuickTime\QTTask.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\QuickTime\QTTask.exe[3592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\QuickTime\QTTask.exe[3592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\QuickTime\QTTask.exe[3592] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\QuickTime\QTTask.exe[3592] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\QuickTime\QTTask.exe[3592] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\QuickTime\QTTask.exe[3592] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\QuickTime\QTTask.exe[3592] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\QTTask.exe[3592] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\avastUI.exe[3632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DISC\DiscUpdMgr.exe[3652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DiscUpdMgr.exe[3652] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3680] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[3680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3680] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[3680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Messenger\msmsgs.exe[3680] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Messenger\msmsgs.exe[3680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Messenger\msmsgs.exe[3680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Messenger\msmsgs.exe[3680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Messenger\msmsgs.exe[3680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Messenger\msmsgs.exe[3680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E50804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E50A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E50600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E503FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Skype\Phone\Skype.exe[3800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Skype\Phone\Skype.exe[3800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Skype\Phone\Skype.exe[3800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Skype\Phone\Skype.exe[3800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Skype\Phone\Skype.exe[3800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Skype\Phone\Skype.exe[3800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Skype\Phone\Skype.exe[3800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\dllhost.exe[3960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[3960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[3960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[3960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[3960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[3960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[3960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[3960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!SetWindowsHookExW 7E42820F 3 Bytes JMP 01CE0804
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!SetWindowsHookExW + 4 7E428213 1 Byte [83]
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01CE0A08
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01CE0600
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01CE01F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01CE03FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 01CF1014
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 01CF0804
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 01CF0A08
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 01CF0C0C
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 01CF0E10
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 01CF01F8
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 01CF03FC
.text C:\Program Files\Logitech\Vid HD\Vid.exe[4040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 01CF0600
.text C:\HP\KBD\KBD.EXE[4048] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\HP\KBD\KBD.EXE[4048] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\HP\KBD\KBD.EXE[4048] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\HP\KBD\KBD.EXE[4048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\HP\KBD\KBD.EXE[4048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\HP\KBD\KBD.EXE[4048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\HP\KBD\KBD.EXE[4048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\HP\KBD\KBD.EXE[4048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\HP\KBD\KBD.EXE[4048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\HP\KBD\KBD.EXE[4048] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wscntfy.exe[4152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[4152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[4152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[4152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[4152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[4152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[4152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[4152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[4704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[4704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[4704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[4704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[4704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[4704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[4704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Documents and Settings\HP_Administrator\Desktop\o9vm8fik.exe[4728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\HP_Administrator\Desktop\o9vm8fik.exe[4728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\windows\system\hpsysdrv.exe[5152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text c:\windows\system\hpsysdrv.exe[5152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\windows\system\hpsysdrv.exe[5152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text c:\windows\system\hpsysdrv.exe[5152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\windows\system\hpsysdrv.exe[5152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text c:\windows\system\hpsysdrv.exe[5152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text c:\windows\system\hpsysdrv.exe[5152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text c:\windows\system\hpsysdrv.exe[5152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text c:\windows\system\hpsysdrv.exe[5152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\DISC\DISCover.exe[5968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\DISC\DISCover.exe[5968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DISC\DISCover.exe[5968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\DISC\DISCover.exe[5968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\DISC\DISCover.exe[5968] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Program Files\DISC\DISCover.exe[5968] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00560804
.text C:\Program Files\DISC\DISCover.exe[5968] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00560A08
.text C:\Program Files\DISC\DISCover.exe[5968] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00560600
.text C:\Program Files\DISC\DISCover.exe[5968] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005601F8
.text C:\Program Files\DISC\DISCover.exe[5968] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005603FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[1052] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp aswRdr.SYS (avast! TDI RDR Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#15 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:37 AM

Posted 20 May 2011 - 05:06 AM

Please follow the instructions in ==>This Guide<==.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Once you have created the new topic, please reply back here with a link to the new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users