GMER 1.0.15.15641 -
http://www.gmer.net
Rootkit scan 2011-07-21 20:31:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800VE-75HDT0 rev.09.07D09
Running: f2rqe4jn.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\kwriifow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8DB3202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8E19D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8DD76C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8DB57F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8DB5848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8DB595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8DD7075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8DB5746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8DB5898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8DB579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8DB590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8DB3226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8DD7D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8DD803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8DB5BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8DD7BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8DD7A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8E19E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8DB2FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8DB324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8DB5D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8DB3CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8DB5820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8DB5870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8DB5988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8DD73D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8DB5772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8DB5A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8DB58D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8DB57C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8DB5AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8DB5936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8E19ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8DD78D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8DB3BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8DD772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8E2210E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8DD66E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8DB326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8DB3292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8DB304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8DB3186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8DD7E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8DB3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8DB31AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8DB32B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8E2F398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 66, DD, A8]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL A8DB4335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP A8E2AD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP A8E2C7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP A8E2F39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A8DB6CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A8DB6BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A8DB5F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A8DB6E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A8DB7014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A8DB6B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A8DB5E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A8DB6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A8DB6326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A8DB5E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A8DB6BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A8DB62FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A8DB6D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A8DB6F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A8DB5FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A8DB603E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A8DB60AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A8DB60E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A8DB5D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A8DB5EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A8DB6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A8DB6440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A8DB6ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\vVX6000.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002A1014
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002A0804
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002A0A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002A0C0C
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002A0E10
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002A01F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002A03FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002A0600
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\smss.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\program files\real\realplayer\update\realsched.exe[580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\csrss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[680] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 038F0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 038F0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 038F0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 038F01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 038F03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 03901014
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 03900804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 03900A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 03900C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 03900E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 039001F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 039003FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 03900600
.text C:\WINDOWS\system32\wscntfy.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00701014
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00700804
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00700A08
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00700C0C
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00700E10
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007001F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007003FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00700600
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00710804
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00710A08
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00710600
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007101F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007103FC
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00500804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00500A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00500600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005001F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005003FC
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text
C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe[2388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe[2388] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01CA2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01CA2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01CA2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01CA2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A12EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A12C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02A12C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A12C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x61 0xE4 0x53 0xCD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@Model 126
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@MData 0x2B 0x8F 0x78 0x29 ...
---- EOF - GMER 1.0.15 ----