Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Removing dot3gpclnt32.exe


  • Please log in to reply
32 replies to this topic

#1 KrazyKatzz

KrazyKatzz

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 08:59 PM

Hello there,

Avast has been popping up recently saying that dot3gpclnt32.exe is trying to open a "Mal" website. So far, I have run Avast virus scans and boot scans, a Malwarebytes scan (which removed a separate trojan: HKEY_CLASSES_ROOT\.fsharproj ), updated SpywareBlaster, and ran CCleaner, however I have continued to receive notifications when opening certain websites that this executable is trying to open a bad website. I looked up one site that gave an explanation to remove it, but it said to "remove the program files" which I wasn't 100% sure what meant--deleting the executable in system32 or what (which it won't let me by just clicking delete).

Here is what avast has been saying when it pops up:

URL: 91.217.153.48/bc840551717
Process: file://C:\WINDOWS\system32\dot3gpclnt32.exe
Infection: url:Mal

BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 09:53 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 10:08 PM

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Free Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 18
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Alwil Software Avast5 AvastSvc.exe
ALWILS~1 Avast5 avastUI.exe
``````````End of Log````````````






MiniToolBox by Farbar
Ran by Steven (administrator) on 21-07-2011 at 20:10:27
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : steven-49cd300d

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : company.com



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : company.com

Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller

Physical Address. . . . . . . . . : 00-11-43-74-DF-F5

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 192.168.1.1

Lease Obtained. . . . . . . . . . : Thursday, July 21, 2011 7:41:07 PM

Lease Expires . . . . . . . . . . : Thursday, July 21, 2011 8:41:07 PM

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging google.com [74.125.224.112] with 32 bytes of data:



Reply from 74.125.224.112: bytes=32 time=73ms TTL=53

Reply from 74.125.224.112: bytes=32 time=74ms TTL=53



Ping statistics for 74.125.224.112:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 73ms, Maximum = 74ms, Average = 73ms

DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.1.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.


Pinging yahoo.com [67.195.160.76] with 32 bytes of data:



Reply from 67.195.160.76: bytes=32 time=148ms TTL=48

Reply from 67.195.160.76: bytes=32 time=141ms TTL=48



Ping statistics for 67.195.160.76:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 141ms, Maximum = 148ms, Average = 144ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 74 df f5 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.5 192.168.1.5 20
192.168.1.0 255.255.255.0 192.168.1.5 192.168.1.5 20
192.168.1.5 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.5 192.168.1.5 20
224.0.0.0 240.0.0.0 192.168.1.5 192.168.1.5 20
255.255.255.255 255.255.255.255 192.168.1.5 192.168.1.5 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8093

Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8093

Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4062

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4062

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2011 11:52:49 PM) (Source: Application Hang) (User: )
Description: Fault bucket 00000009.

Error: (07/16/2011 11:52:40 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/16/2011 11:50:08 PM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (07/15/2011 02:30:04 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43335422


System errors:
=============
Error: (07/21/2011 06:51:29 PM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2011 05:41:01 PM) (Source: Dhcp) (User: )
Description: Your computer has lost the lease to its IP address 192.168.1.5 on the
Network Card with network address 00114374DFF5.

Error: (07/21/2011 11:47:12 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2011 11:46:28 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/21/2011 11:46:28 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (07/21/2011 11:46:13 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (07/21/2011 11:46:13 AM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (07/21/2011 11:46:04 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2011 11:46:04 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (07/21/2011 11:46:04 AM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================
Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8093

Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8093

Error: (07/19/2011 03:13:44 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4062

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4062

Error: (07/19/2011 03:13:40 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/16/2011 11:52:49 PM) (Source: Application Hang)(User: )
Description: 00000009

Error: (07/16/2011 11:52:40 PM) (Source: Application Hang)(User: )
Description: firefox.exe5.0.0.4183hungapp0.0.0.000000000

Error: (07/16/2011 11:50:08 PM) (Source: Application Hang)(User: )
Description: firefox.exe5.0.0.4183hungapp0.0.0.000000000

Error: (07/15/2011 02:30:04 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 43335422


========================= Memory info: ===================================

Percentage of memory in use: 67%
Total physical RAM: 1271.37 MB
Available physical RAM: 415.09 MB
Total Pagefile: 1879.49 MB
Available Pagefile: 1229.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.37 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:16.44 GB) NTFS

========================= Users: ========================================

User accounts for \\STEVEN-49CD300D

Administrator Guest HelpAssistant
Steven SUPPORT_388945a0


== End of log ==





--I already have Malwarebytes so proceeding to step after that--

Edited by KrazyKatzz, 21 July 2011 - 10:11 PM.


#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 10:13 PM

OK....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#5 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 10:34 PM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-21 20:31:41
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800VE-75HDT0 rev.09.07D09
Running: f2rqe4jn.exe; Driver: C:\DOCUME~1\Steven\LOCALS~1\Temp\kwriifow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA8DB3202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA8E19D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA8DD76C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8DB57F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8DB5848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8DB595E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8DD7075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8DB5746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8DB5898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8DB579A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8DB590C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8DB3226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8DD7D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA8DD803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8DB5BE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8DD7BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8DD7A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA8E19E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8DB2FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA8DB324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA8DB5D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA8DB3CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8DB5820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8DB5870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA8DB5988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA8DD73D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8DB5772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8DB5A1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA8DB58D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8DB57C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8DB5AFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8DB5936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA8E19ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA8DD78D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA8DB3BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA8DD772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA8E2210E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA8DD66E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA8DB326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA8DB3292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8DB304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA8DB3186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8DD7E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8DB3162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8DB31AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8DB32B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8E2F398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26B4 80501EEC 4 Bytes [E8, 66, DD, A8]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B8EC 4 Bytes CALL A8DB4335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1DB4 5 Bytes JMP A8E2AD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C2C 5 Bytes JMP A8E2C7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C74CC 7 Bytes JMP A8E2F39C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP A8DB6CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP A8DB6BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP A8DB5F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP A8DB6E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP A8DB7014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP A8DB6B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP A8DB5E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP A8DB6180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP A8DB6326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP A8DB5E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP A8DB6BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP A8DB62FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP A8DB6D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP A8DB6F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP A8DB5FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP A8DB603E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP A8DB60AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP A8DB60E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP A8DB5D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP A8DB5EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP A8DB6008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP A8DB6440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP A8DB6ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\vVX6000.exe[128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\WINDOWS\vVX6000.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\vVX6000.exe[128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\WINDOWS\vVX6000.exe[128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[248] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002A1014
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002A0804
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002A0A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002A0C0C
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002A0E10
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002A01F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002A03FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002A0600
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\smss.exe[436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\program files\real\realplayer\update\realsched.exe[580] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\program files\real\realplayer\update\realsched.exe[580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\program files\real\realplayer\update\realsched.exe[580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\program files\real\realplayer\update\realsched.exe[580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\Program Files\Messenger\msmsgs.exe[644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
.text C:\Program Files\Messenger\msmsgs.exe[644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\csrss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[680] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 038F0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 038F0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 038F0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 038F01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 038F03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 03901014
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 03900804
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 03900A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 03900C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 03900E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 039001F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 039003FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 03900600
.text C:\WINDOWS\system32\wscntfy.exe[872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[936] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DC Software\DL10XP.exe[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00701014
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00700804
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00700A08
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00700C0C
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00700E10
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007001F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007003FC
.text C:\Program Files\DC Software\DL10XP.exe[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00700600
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00710804
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00710A08
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00710600
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007101F8
.text C:\Program Files\DC Software\DL10XP.exe[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007103FC
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFGuage.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFRealTimeD.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Intel\WiFi\bin\WLKeeper.exe[1152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Clarus\Samsung Auto Backup\ISFTimerD.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00500804
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00500A08
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00500600
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005001F8
.text C:\Program Files\Intel\WiFi\bin\S24EvMon.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005003FC
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1664] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1664] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1664] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1736] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe[2008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe[2016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text

C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\iTunes\iTunesHelper.exe[2024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe[2116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe[2388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe[2388] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LEXBCES.EXE[2608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[2644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[2644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LEXPPS.EXE[2660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe[2700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2996] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2996] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2996] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2996] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\dot3gpclnt32.exe[3104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3284] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\avisynth32.exe[3324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\avisynth32.exe[3324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\avisynth32.exe[3324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006B1014
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006B0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 006B0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 006B0C0C
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 006B0E10
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006B01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006B03FC
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006B0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006C0804
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006C0600
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[3340] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 006C03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[3396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\iPod\bin\iPodService.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\iPod\bin\iPodService.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Microsoft LifeCam\MSCamSvc.exe[4032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001601F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001603FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C1014
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C0804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C0C0C
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0E10
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C01F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C03FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D0804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D01F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
.text C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01CA2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01CA2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01CA2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam10\QuickCam10.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01CA2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [012B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [012B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [012B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [012B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[756] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008E2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008E2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008E2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008E2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A12EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A12C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02A12C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1664] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A12C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [614A9CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [614AADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [614AADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [614AA7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [614AAE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [614AAE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [614A9D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [614A9B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [614A9C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [614AA3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [614A9CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[4256] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [614A9B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Steven\My Documents\Downloads\f2rqe4jn.exe[5872] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009B2EC0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009B2C30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009B2C90] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows NT\Accessories\wordpad.exe[7820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009B2C60] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}@scansk 0x61 0xE4 0x53 0xCD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@Model 126
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@Therad 30
Reg HKLM\SOFTWARE\Classes\CLSID\{7aca21b5-392b-47ec-a5f8-c2707e94966f}@MData 0x2B 0x8F 0x78 0x29 ...

---- EOF - GMER 1.0.15 ----

#6 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 10:36 PM

I had to break it up into two posts, I think (but now they seem to be one?), hopefully that worked.

#7 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 10:39 PM

So far I don't see much.

Let's double check.

Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

==============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:
Posted Image

On completion of the scan click "Save log", save it to your desktop and post in your next reply:
Posted Image

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#8 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 10:51 PM

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2069376 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2069376 bytes
0x804D7000 RAW 2069376 bytes
0x804D7000 WMIxWDM 2069376 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB94AD000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1167360 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xB92A7000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS 1036288 bytes (Conexant Systems, Inc., HSF_DP driver)
0xBF07E000 C:\WINDOWS\System32\ialmdd5.DLL 983040 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xB91FA000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 708608 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9E17000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xA8DA0000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xA8E5A000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9101000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xA8F8D000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA7BA1000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xA8E10000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBF16E000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB941E000 C:\WINDOWS\system32\drivers\STAC97.sys 274432 bytes (SigmaTel, Inc., SigmaTel Audio Driver (WDM))
0xA7458000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF043000 C:\WINDOWS\System32\ialmdev5.DLL 241664 bytes (Intel Corporation, Component GHAL Driver)
0xB93A4000 C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys 208896 bytes (Conexant Systems, Inc., HSFHWICH WDM driver)
0xB9187000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA7EFC000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB9DEA000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xA7209000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xA8EF2000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8F3F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xA8F67000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB93FA000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB9475000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB93D7000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8F1D000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xBF021000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9ECD000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB91DF000 C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 110592 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xB9DD0000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xA7234000 C:\DOCUME~1\Steven\LOCALS~1\Temp\kwriifow.sys 102400 bytes
0xB9EED000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8C98000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xA8911000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xB9EA4000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB91C8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8014000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB9461000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB9499000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xA8FE6000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB9EBB000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB91B7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xBA308000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xBA188000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB95CA000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA0B8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xBA2F8000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xBA158000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 61440 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xBA198000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA8169000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xBA278000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBA0C8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xBA168000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xBA1F8000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA0E8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA218000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xB95DA000 C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys 45056 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0xBA298000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xBA178000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0D8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xBA208000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xBA248000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xBA118000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA238000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA318000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xA81E9000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xBA0F8000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xBA2D8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xB960A000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA228000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA288000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA458000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA3D8000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xBA480000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA430000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA328000 C:\WINDOWS\System32\Drivers\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA418000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xBA488000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xBA470000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA468000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xBA428000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA3B8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xBA3F8000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBA3C8000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xBA348000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA358000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA370000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA580000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xA8D88000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xBA554000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8B8C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xA8C88000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xBA598000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB90E9000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA7C15000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xA8D94000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9D83000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB9177000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xA8B80000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xBA630000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5AE000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA5C6000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xBA628000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5AC000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA636000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA63A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5FE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA61A000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA755000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA794000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA77A000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA670000 PCIIde.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

#9 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 11:01 PM

aswMBR version 0.9.8.945 Copyright© 2011 AVAST Software
Run date: 2011-07-21 20:53:21
-----------------------------
20:53:21.109 OS Version: Windows 5.1.2600 Service Pack 3
20:53:21.109 Number of processors: 1 586 0xD08
20:53:21.109 ComputerName: STEVEN-49CD300D UserName: Steven
20:53:25.265 Initialize success
20:53:27.187 AVAST engine defs: 11072101
20:53:36.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
20:53:36.546 Disk 0 Vendor: WDC_WD800VE-75HDT0 09.07D09 Size: 76319MB BusType: 3
20:53:36.843 Disk 0 MBR read successfully
20:53:36.843 Disk 0 MBR scan
20:53:36.968 Disk 0 Windows XP default MBR code
20:53:37.000 Disk 0 scanning sectors +156280320
20:53:37.125 Disk 0 scanning C:\WINDOWS\system32\drivers
20:54:09.734 Service scanning
20:54:13.312 Modules scanning
20:54:27.796 Disk 0 trace - called modules:
20:54:27.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
20:54:27.812 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8988aab8]
20:54:27.812 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8989bb00]
20:54:29.750 AVAST engine scan C:\WINDOWS
20:54:37.437 AVAST engine scan C:\WINDOWS\system32
21:00:03.390 AVAST engine scan C:\WINDOWS\system32\drivers
21:00:28.375 AVAST engine scan C:\Documents and Settings\Steven
21:01:04.500 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Steven\My Documents\antivirus checkup related\MBR.dat"
21:01:04.593 The log file has been saved successfully to "C:\Documents and Settings\Steven\My Documents\antivirus checkup related\aswMBR.txt"

#10 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 11:05 PM

All looks clean.

Are you having any current issues?

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#11 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 11:17 PM

The avast popup doesn't seem to come very regularly or often, I was mostly worried it was a trojan trying to send information off somewhere, but I had these popups four or five times over the last few days and never had a dramatic impact on system performance, at least as far as I could tell. When I click "More Details" avast says "Yes, that was close, but relax... avast! just saved a crash!" It's kind of alarming to see that two or three times a day from the same source.

#12 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 11:20 PM

Let me know, if it'll happen again.

Download Temp File Cleaner (TFC)
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#13 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 21 July 2011 - 11:28 PM

Avast said TFC was "potentially unsafe" and wanted confirmation to open--I'm presuming this is normal?

#14 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,699 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:08:41 PM

Posted 21 July 2011 - 11:29 PM

Yes, go on....

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#15 KrazyKatzz

KrazyKatzz
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:05:41 PM

Posted 22 July 2011 - 01:09 AM

Ran TFC, in the middle of ESET right now. I didn't turn off avast first, and it seems to be running really slowly (I also left on 'remove threats' I think on ESET). It's hard to tell if it's the scans and but my machine is definitely more sluggish than before, and especially around startup keeps bouncing up to 100% CPU usage. Was I supposed to uninstall any of the things I installed in this thread after I used them? Right now it's at 100% but the scan is still running.

ESET has so far found 4 trojans
JS/Agent.NDJ trojan
Win32/TrojanDownloader.Tracur.F trojan
JS/Agent.NDJ trojan
Win32/TrojanDownloader.Tracur.F trojan

I'm kind of glad I left avast on; while the ESET scan has been running the pop-up occurred again that I posted about in the OP with the same message as before (dot3gpclnt32.exe tried to open the same url). I also noticed while checking system performance that the dot3gpclnt32.exe shows up in the processes list.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users