Frequent BSOD lately


21 replies to this topic

#1 Johnny 5 Alive

Posted 11 August 2011 - 07:51 AM

Two BSOD in the last 3 days.

First one gave no information with the following error code:
STOP: 0X0000007F (0X0000000D, 0X00000000, 0X000000000, 0X00000000)

Second was just this morning and contained the usual HDW and SW warnings plus this and also did a memory dump:
Caused by Win32K.SYS
PAGE_FAULT_IN_NONPAGED_AREA
STOP: 0X00000050 (0XE173E01C, 0X00000000, 0XBF82EDEF, 0X00000001)
Win32K.sys - Address BF82EDEF base at BF800000, datestamp 4de797d3

System acts much like it is infected, but I have run Avast and Avira. Ran Avira first; it found 2 Trojans and I let it delete both of them. Avast found 8 files it could not open or locate; the not-locates were avir dll files and another was a dat file that looked like it was associated with Avir. I did not recognize the last file.

Edited by hamluis, 11 August 2011 - 09:11 AM.
Moved from XP to Am I Infected.


#2 Broni

Posted 11 August 2011 - 07:58 PM

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 Johnny 5 Alive

Posted 12 August 2011 - 10:00 PM

securitycheck.exe will not run.

#4 Broni

Posted 12 August 2011 - 10:02 PM

Skip it.


#5 Johnny 5 Alive

Posted 13 August 2011 - 06:05 AM

Restarted computer SecurityCheck then ran. Results follow:


Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

avast! Free Antivirus
Avira AntiVir Personal - Free Antivirus
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.3.183.5
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader X (10.1.0)
Japanese Fonts Support For Adobe Reader X
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
Mozilla Thunderbird (3.1.10) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Avira Antivir avguard.exe
Utils System Alwil Software Avast5\AvastSvc.exe
Utils System Alwil Software Avast5\avastUI.exe
``````````End of Log````````````

#6 Johnny 5 Alive

Posted 13 August 2011 - 06:06 AM

Results from Minitoolbox:


MiniToolBox by Farbar
Ran by John (administrator) on 13-08-2011 at 07:00:07
Microsoft Windows XP Service Pack 3 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : desktop

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : Intel® PRO/1000 CT Network Connection

Physical Address. . . . . . . . . : 00-0E-A6-2D-AD-16

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.102

Subnet Mask . . . . . . . . . . . : 255.255.255.0

IP Address. . . . . . . . . . . . : fe80::20e:a6ff:fe2d:ad16%4

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 68.87.74.166

68.87.68.166

fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

Lease Obtained. . . . . . . . . . : Friday, August 12, 2011 11:05:07 PM

Lease Expires . . . . . . . . . . : Saturday, August 13, 2011 11:05:07 PM



Tunnel adapter Teredo Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : 00-00-FB-ED-B3-9A-8F-29

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:0:fbed:b39a:8f29

IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5

Default Gateway . . . . . . . . . : ::

NetBIOS over Tcpip. . . . . . . . : Disabled



Tunnel adapter Automatic Tunneling Pseudo-Interface:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

Physical Address. . . . . . . . . : C0-A8-01-66

Dhcp Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.102%2

Default Gateway . . . . . . . . . :

DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1

fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1

NetBIOS over Tcpip. . . . . . . . : Disabled

Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

Name: google.com
Addresses: 74.125.113.147, 74.125.113.99, 74.125.113.105, 74.125.113.104
74.125.113.103, 74.125.113.106



Pinging google.com [74.125.93.106] with 32 bytes of data:



Reply from 74.125.93.106: bytes=32 time=64ms TTL=50

Reply from 74.125.93.106: bytes=32 time=58ms TTL=50



Ping statistics for 74.125.93.106:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 58ms, Maximum = 64ms, Average = 61ms

Server: cns.bonitasprngs.fl.naples.comcast.net
Address: 68.87.74.166

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=53ms TTL=49

Reply from 209.191.122.70: bytes=32 time=51ms TTL=49



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 51ms, Maximum = 53ms, Average = 52ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0e a6 2d ad 16 ...... Intel® PRO/1000 CT Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.102 192.168.1.102 20
192.168.1.0 255.255.255.0 192.168.1.102 192.168.1.102 20
192.168.1.102 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.102 192.168.1.102 20
224.0.0.0 240.0.0.0 192.168.1.102 192.168.1.102 20
255.255.255.255 255.255.255.255 192.168.1.102 192.168.1.102 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/10/2011 07:17:23 AM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/09/2011 11:15:20 PM) (Source: Ci) (User: )
Description: Cleaning up corrupt content index metadata on c:\inetpub\catalog.wci. Index will
be automatically restored by refiltering all documents.

Error: (08/09/2011 11:13:10 PM) (Source: ESENT) (User: )
Description: Catalog Database (1560) Database recovery/restore failed with unexpected error -1032.

Error: (08/09/2011 11:13:10 PM) (Source: ESENT) (User: )
Description: Catalog Database (1560) Unable to write a shadowed header for file C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb. Error -1032.

Error: (08/09/2011 11:13:10 PM) (Source: ESENT) (User: )
Description: svchost (1560) An attempt to open the file "C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for read / write access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index. The service will attempt to automatically correct this problem by rebuilding the index.

Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (08/09/2011 10:30:41 PM) (Source: ESENT) (User: )
Description: Catalog Database (1552) Database C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb is partially attached. Attachment stage: 1. Error: -1032.


System errors:
=============
Error: (08/13/2011 06:53:00 AM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/12/2011 11:09:38 PM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/12/2011 11:08:03 PM) (Source: DCOM) (User: NETWORK SERVICE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{BA126AD1-2166-11D1-B1D0-00805FC1270E}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (08/12/2011 11:06:23 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.

Error: (08/12/2011 11:01:38 PM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/11/2011 09:31:44 PM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/11/2011 08:41:30 PM) (Source: DCOM) (User: John)
Description: The server {022105BD-948A-40C9-AB42-A3300DDF097F} did not register with DCOM within the required timeout.

Error: (08/11/2011 08:14:28 AM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/11/2011 08:11:11 AM) (Source: DCOM) (User: John)
Description: DCOM got error "%%1058" attempting to start the service MDM with arguments ""
in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error: (08/11/2011 08:09:32 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 12 service to connect.


Microsoft Office Sessions:
=========================
Error: (08/10/2011 07:17:23 AM) (Source: .NET Runtime Optimization Service)(User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (08/09/2011 11:15:20 PM) (Source: Ci)(User: )
Description: c:\inetpub\catalog.wci

Error: (08/09/2011 11:13:10 PM) (Source: ESENT)(User: )
Description: Catalog Database1560-1032

Error: (08/09/2011 11:13:10 PM) (Source: ESENT)(User: )
Description: Catalog Database1560C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032

Error: (08/09/2011 11:13:10 PM) (Source: ESENT)(User: )
Description: svchost1560C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb-1032 (0xfffffbf8)32 (0x00000020)The process cannot access the file because it is being used by another process.

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application

Details:
The content index cannot be read. (0xc0041800)

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
The content index cannot be read. (0xc0041800)
Search.TripoliIndexer

Error: (08/09/2011 11:12:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
0xc0041801 (0xc0041801)

Error: (08/09/2011 10:30:41 PM) (Source: ESENT)(User: )
Description: Catalog Database1552C:\WINXP\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb1-1032


=========================== Installed Programs ============================

Ad-Aware
Ad-Aware (Version: 9.0.1)
Adobe Acrobat 6.0 Professional (Version: 006.000.000)
Adobe AIR (Version: 2.5.1.17730)
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 10 Plugin (Version: 10.3.183.5)
Adobe Illustrator 10 (Version: 10)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.0) (Version: 10.1.0)
Adobe SVG Viewer 3.0 (Version: 3.0)
Android-Sync v0.200
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoStudio 5.5
Ask Toolbar (Version: 1.12.2.0)
AsusUpdate
ATI Display Driver (Version: 8.231-060221a1-030895C-ATI)
avast! Free Antivirus (Version: 6.0.1203.0)
Avery Wizard 3.1 (Version: 3.1.5)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.696)
Bonjour (Version: 3.0.0.2)
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 2.0
Canon MP980 series MP Drivers
Canon MP980 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Easy-PhotoPrint Pro
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner (Version: 3.06)
ColdFusion MX (Version: 6.0.0.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
DesignPro 5.0 Limited Edition (Version: 5.2.1201)
DirectX 9 Runtime (Version: 1.00.0000)
Foxit Creator (Version: 3,0,2,0506)
Foxit Reader (Version: 4.3.1.323)
Free Audio Converter 4.3.2
Free Audio Editor
Google Apps (Version: 1.2.279.2381)
Google Calendar Sync
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
Google Updater (Version: 2.4.2166.3772)
hp officejet d series - 5
HP Photo Printing Software
HP Share-to-Web
Inkjet Printer/Scanner Extended Survey Program
Intel® PRO Network Adapters and Drivers
iPhone Explorer (Version: 0.9.26.0)
iTunes (Version: 10.4.0.80)
Japanese Fonts Support For Adobe Reader X (Version: 10.0.0)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (Version: 6.0.240)
Junk Mail filter update (Version: 14.0.8117.416)
Macromedia Dreamweaver MX (Version: 6.0)
Macromedia Extension Manager (Version: 1.5)
Macromedia Fireworks MX (Version: 6)
Macromedia Flash MX (Version: 6)
Macromedia FreeHand 10 (Version: 10)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Lync 2010 (Version: 4.0.7577.275)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Outlook Connector (Version: 14.0.5139.5001)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft Search Enhancement Pack (Version: 1.2.123.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.6.0)
MotoHelper 2.0.40 Driver 4.8.0 (Version: 2.0.40)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 4.8.0 (Version: 4.8.0)
Mozilla Firefox 5.0 (x86 en-US) (Version: 5.0)
Mozilla Thunderbird (3.1.10) (Version: 3.1.10 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Natural Color Pro (Version: 1.00.0005)
Nero PhotoShow Express (Version: 3.0)
Nero7 Ultra Edition (Version: 7.00.0574)
Picasa 3 (Version: 3.8)
QuickTime (Version: 7.69.80.9)
Roxio Burn (Version: 1.6)
Roxio CinePlayer (Version: 5.6)
Roxio CinePlayer Decoder Pack (Version: 4.3.0)
Roxio Creator 2011 Content (Version: 13.0.098)
Roxio Creator 2011 Special Edition (Version: 1.3.166)
Roxio Creator 2011 Special Edition (Version: 13.0)
Roxio Creator 2011 Special Edition (Version: 6.0.0)
Roxio Easy VHS to DVD (Version: 2.0.128)
Roxio PhotoShow (Version: 6.0)
Roxio Streamer (Version: 1.00.0000)
Roxio Streamer Desktop Applications (Version: 1.4.2)
Roxio Video Capture USB (Version: 1.22.0000)
Safari (Version: 5.34.50.0)
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.3 (Version: 5.3.120)
SmartSound Common Data (Version: 1.1.0)
SmartSound Quicktracks 5 (Version: 5.1.7)
SoundMAX
SpywareBlaster 4.4 (Version: 4.4.0)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (Version: 9.0.30729.01)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11

========================= Memory info: ===================================

Percentage of memory in use: 48%
Total physical RAM: 3070.73 MB
Available physical RAM: 1566.27 MB
Total Pagefile: 4961.11 MB
Available Pagefile: 3411.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1992.78 MB

========================= Partitions: =====================================

2 Drive c: (SG-80GB-1-C) (Fixed) (Total:74.53 GB) (Free:6.21 GB) NTFS
3 Drive d: (SG-160GB-1-D) (Fixed) (Total:128 GB) (Free:8.15 GB) NTFS
4 Drive e: (WD-120GB-1-E) (Fixed) (Total:111.78 GB) (Free:42.68 GB) NTFS
5 Drive f: (SG-160GB-2-F) (Fixed) (Total:21.05 GB) (Free:3.13 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP

Admin Administrator ASPNET
Guest HelpAssistant IUSR_DESKTOP
IWAM_DESKTOP John Onjay
SUPPORT_388945a0


== End of log ==

#7 Johnny 5 Alive

Posted 13 August 2011 - 06:53 AM

MBAM results:


Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7454

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/13/2011 7:29:46 AM
mbam-log-2011-08-13 (07-29-46).txt

Scan type: Quick scan
Objects scanned: 302782
Time elapsed: 14 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 Broni

Posted 13 August 2011 - 10:36 AM

...and GMER...

You're running two AV programs, Avast and Avira.
One of them has to go.
Your choice.

Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.


#9 Johnny 5 Alive

Posted 13 August 2011 - 12:21 PM

Ok on the Avast/Avira, I thought I had disabled it and was only running it as a once at a time function. You are telling me that it is running all the time, even though it is not showing up in my tray? Do you recommend one over the other?

Ok, it is asking me to shorten my reply, so I will cut the bottom part out of here and post it next.

Gmer results:
GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-08-13 12:31:26
Windows 5.1.2600 Service Pack 3 Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380817AS rev.3.42
Running: gmer.exe; Driver: C:\DOCUME~1\JOHN~1.DES\LOCALS~1\Temp\fwddapow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB08BC202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB094AD8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB08E06C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB08BE7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB08BE848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB08BE95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB08E0075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB08BE746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB08BE898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB08BE79A]
SSDT F7AAE29C ZwCreateThread
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB08BE90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB08BC226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB08E0D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB08E103D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB08BEBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB08E0BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB08E0A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB094AE3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB08BBFF0]
SSDT F7AAE2BA ZwLoadKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB08BC24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB08BED56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB08BCCDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB08BE820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB08BE870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB08BE988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB08E03D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB08BE772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB08BEA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB08BE8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB08BE7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB08BEAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB08BE936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB094AED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB08E08D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB08BCBA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB08E072A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB095310E]
SSDT F7AAE2C4 ZwReplaceKey
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB08DF6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB08BC26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB08BC292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB08BC04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB08BC186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB08E0E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB08BC162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB08BC1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB08BC2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB0960398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 10E 804E4968 4 Bytes JMP B565F9F8
.text ntoskrnl.exe!ZwYieldExecution + 13E 804E4998 8 Bytes [98, E8, 8B, B0, 9A, E7, 8B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FB 804E4A55 7 Bytes [BF, 8B, B0, BA, E2, AA, F7]
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A98 8 Bytes [20, E8, 8B, B0, 70, E8, 8B, ...] {AND AL, CH; MOV ESI, [EAX-0x4f741790]}
.text ntoskrnl.exe!ZwYieldExecution + 24A 804E4AA4 4 Bytes [88, E9, 8B, B0]
.text ...
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B095D7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL B08BD335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B096039C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B095BD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP B08BFCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP B08BFBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP B08BEF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP B08BFE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP B08C0014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP B08BFB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP B08BEE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP B08BF180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP B08BF326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP B08BEE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP B08BFBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP B08BF2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP B08BFD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP B08BFF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP B08BEFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP B08BF03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP B08BF0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP B08BF0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP B08BED8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP B08BEEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP B08BF008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP B08BF440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP B08BFECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrunsvc.exe[404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text D:\Program Files\Utils\WWW\MacroMedia\runtime\bin\jrun.exe[420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swagent.exe[492] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swstrtr.exe[504] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Analog Devices\SoundMAX\Smax4.exe[632] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\system32\spoolsv.exe[652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\spoolsv.exe[652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\spoolsv.exe[652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\spoolsv.exe[652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\spoolsv.exe[652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\spoolsv.exe[652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\spoolsv.exe[652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\spoolsv.exe[652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\spoolsv.exe[652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\spoolsv.exe[652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Utils\WWW\MacroMedia\db\slserver52\bin\swsoc.exe[744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\Media\A-V\iTunes\iTunesHelper.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avguard.exe[912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\System32\smss.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\Explorer.EXE[1000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\Explorer.EXE[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\Explorer.EXE[1000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\Explorer.EXE[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\Explorer.EXE[1000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINXP\Explorer.EXE[1000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINXP\Explorer.EXE[1000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINXP\Explorer.EXE[1000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINXP\Explorer.EXE[1000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINXP\Explorer.EXE[1000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINXP\system32\csrss.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\csrss.exe[1008] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\winlogon.exe[1040] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINXP\system32\winlogon.exe[1040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\winlogon.exe[1040] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINXP\system32\winlogon.exe[1040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\winlogon.exe[1040] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\winlogon.exe[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\winlogon.exe[1040] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\winlogon.exe[1040] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\winlogon.exe[1040] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\services.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\services.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\services.exe[1084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\services.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\services.exe[1084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\services.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\services.exe[1084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\services.exe[1084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\lsass.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\lsass.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\lsass.exe[1096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\lsass.exe[1096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\lsass.exe[1096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\lsass.exe[1096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\lsass.exe[1096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text D:\Program Files\Utils\System\Avira\AntiVir Desktop\avshadow.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\system32\Ati2evxx.exe[1288] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINXP\system32\Ati2evxx.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\Ati2evxx.exe[1288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINXP\system32\Ati2evxx.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\Ati2evxx.exe[1288] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINXP\system32\Ati2evxx.exe[1288] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINXP\system32\Ati2evxx.exe[1288] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINXP\system32\Ati2evxx.exe[1288] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINXP\system32\Ati2evxx.exe[1288] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINXP\system32\Ati2evxx.exe[1288] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINXP\system32\svchost.exe[1312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[1312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[1312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[1312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[1312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[1312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[1312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[1312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text C:\Program Files\Roxio\Roxio Streamer\srvstart\srvstart.exe[1344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINXP\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[1396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[1396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[1396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[1396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[1396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[1456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Roxio\Roxio Streamer\usb_detection.exe[1520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\WINXP\System32\svchost.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\System32\svchost.exe[1544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\System32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\System32\svchost.exe[1544] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\System32\svchost.exe[1544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\System32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\System32\svchost.exe[1544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\System32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\System32\svchost.exe[1544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\System32\svchost.exe[1544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINXP\system32\inetsrv\inetinfo.exe[1604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINXP\system32\cisvc.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\cisvc.exe[1608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\cisvc.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\cisvc.exe[1608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\cisvc.exe[1608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINXP\system32\cisvc.exe[1608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\cisvc.exe[1608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINXP\system32\cisvc.exe[1608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\cisvc.exe[1608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\cisvc.exe[1608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1648] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\system32\svchost.exe[1652] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[1652] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1652] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[1652] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[1652] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[1652] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[1652] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[1652] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[1652] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Google\Update\1.3.21.65\GoogleCrashHandler.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINXP\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[1864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[1864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[1864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[1864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text D:\Program Files\Utils\System\Alwil Software\Avast5\AvastSvc.exe[2004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\System\Alwil Software\Avast5\AvastSvc.exe[2004] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text D:\Program Files\Utils\System\Alwil Software\Avast5\AvastSvc.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00561014
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00560804
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00560A08
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00560C0C
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00560E10
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005601F8
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005603FC
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00560600
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00570804
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00570A08
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00570600
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005701F8
.text C:\Program Files\Roxio\Roxio Streamer\vboxheadless.exe[2188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005703FC
.text C:\WINXP\system32\msdtc.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\msdtc.exe[2396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\msdtc.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\msdtc.exe[2396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\msdtc.exe[2396] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\msdtc.exe[2396] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\msdtc.exe[2396] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\msdtc.exe[2396] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\msdtc.exe[2396] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\msdtc.exe[2396] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 008C1014
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 008C0804
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 008C0A08
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 008C0C0C
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 008C0E10
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 008C01F8
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 008C03FC
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 008C0600
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 008D0804
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 008D0A08
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 008D0600
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 008D01F8
.text C:\Program Files\Roxio\Roxio Streamer\VBoxSVC.exe[2856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 008D03FC
.text D:\Program Files\Utils\System\Alwil Software\Avast5\avastUI.exe[2892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Utils\System\Alwil Software\Avast5\avastUI.exe[2892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe[2900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINXP\system32\Ati2evxx.exe[2960] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINXP\system32\Ati2evxx.exe[2960] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\Ati2evxx.exe[2960] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINXP\system32\Ati2evxx.exe[2960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\Ati2evxx.exe[2960] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINXP\system32\Ati2evxx.exe[2960] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINXP\system32\Ati2evxx.exe[2960] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINXP\system32\Ati2evxx.exe[2960] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINXP\system32\Ati2evxx.exe[2960] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINXP\system32\Ati2evxx.exe[2960] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINXP\system32\ctfmon.exe[3096] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINXP\system32\ctfmon.exe[3096] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\ctfmon.exe[3096] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINXP\system32\ctfmon.exe[3096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\ctfmon.exe[3096] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINXP\system32\ctfmon.exe[3096] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINXP\system32\ctfmon.exe[3096] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINXP\system32\ctfmon.exe[3096] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINXP\system32\ctfmon.exe[3096] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINXP\system32\ctfmon.exe[3096] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINXP\System32\alg.exe[3196] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\System32\alg.exe[3196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\System32\alg.exe[3196] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\System32\alg.exe[3196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\System32\alg.exe[3196] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINXP\System32\alg.exe[3196] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINXP\System32\alg.exe[3196] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINXP\System32\alg.exe[3196] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINXP\System32\alg.exe[3196] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\System32\alg.exe[3196] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINXP\LTMSG.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINXP\LTMSG.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\LTMSG.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINXP\LTMSG.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\LTMSG.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINXP\LTMSG.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINXP\LTMSG.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINXP\LTMSG.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINXP\LTMSG.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINXP\LTMSG.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINXP\system32\tcpsvcs.exe[3576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\tcpsvcs.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\tcpsvcs.exe[3576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\tcpsvcs.exe[3576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\tcpsvcs.exe[3576] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\tcpsvcs.exe[3576] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\tcpsvcs.exe[3576] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\tcpsvcs.exe[3576] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\tcpsvcs.exe[3576] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\tcpsvcs.exe[3576] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINXP\System32\snmp.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINXP\System32\snmp.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\System32\snmp.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINXP\System32\snmp.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINXP\System32\snmp.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[3780] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINXP\system32\svchost.exe[3844] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\svchost.exe[3844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[3844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\svchost.exe[3844] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINXP\system32\svchost.exe[3844] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINXP\system32\svchost.exe[3844] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINXP\system32\svchost.exe[3844] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINXP\system32\svchost.exe[3844] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINXP\system32\svchost.exe[3844] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINXP\system32\svchost.exe[3844] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINXP\system32\SearchIndexer.exe[4032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
.text C:\WINXP\system32\SearchIndexer.exe[4032] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\SearchIndexer.exe[4032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
.text C:\WINXP\system32\SearchIndexer.exe[4032] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINXP\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINXP\system32\SearchIndexer.exe[4032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
.text C:\WINXP\system32\SearchIndexer.exe[4032] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
.text C:\WINXP\system32\SearchIndexer.exe[4032] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
.text C:\WINXP\system32\SearchIndexer.exe[4032] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
.text C:\WINXP\system32\SearchIndexer.exe[4032] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
.text C:\WINXP\system32\SearchIndexer.exe[4032] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
.text C:\WINXP\system32\SearchIndexer.exe[4032] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003E0804
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003E0A08
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003E0600
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003E01F8
.text D:\Program Files\Communications\skype\Phone\Skype.exe[4136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003E03FC
.text C:\WINXP\system32\dllhost.exe[4644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINXP\system32\dllhost.exe[4644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINXP\system32\dllhost.exe[4644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINXP\system32\dllhost.exe[4644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINXP\system32\dllhost.exe[4644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8

GMER second part of same scan as previously posted.


#10 Broni

Posted 13 August 2011 - 12:53 PM

Both Avast and Avira are equally good, so it's up to you.

I still need the BSV log.


#11 Johnny 5 Alive

Posted 13 August 2011 - 02:14 PM

There were no results for BSV. The BSODs are happening at shutdown. Had one after running GMER this morning, but I forced a shutdown and did not wait until it finished writing memory. Do I need to uninstall Avira?

#12 Broni

Posted 13 August 2011 - 03:06 PM

Well, I thought you uninstalled one of your AV programs already.
You must do it.

"The BSODs are happening at shutdown"

It doesn't matter.
Did you disable CCleaner dump files removal?

Check your settings...

1. Click Start, point to Settings, and then click Control Panel (Start>Control Panel in Vista).
2. Double-click System.
3. Click the Advanced tab (in Vista, click the Advanced system settings link first), and then click Settings under Startup and Recovery.
4. Make sure there is a checkmark in Write an event to the system log.
5. In the Write debugging information list, click Small memory dump (64k) (128K in Windows 7).

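The Startup and Recovery settings from the steps above can also be read back from the registry, together with a check of whether any minidumps are still on disk. This is an added example, not part of the original post; it assumes PowerShell 2.0 or later is installed (a stock XP system does not include it), and the function name Get-CrashDumpConfig is made up for illustration.

```powershell
# Added example. Get-CrashDumpConfig is a name made up for this sketch; the
# registry key and value names are the standard Windows CrashControl ones.
function Get-CrashDumpConfig {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $cc  = Get-ItemProperty -Path $key

    # CrashDumpEnabled stores the "Write debugging information" choice.
    $kinds = @{
        0 = '(none)'
        1 = 'Complete memory dump'
        2 = 'Kernel memory dump'
        3 = 'Small memory dump'
        7 = 'Automatic memory dump'   # Windows 8 and later only
    }
    $mode = [int]$cc.CrashDumpEnabled
    $kind = $kinds[$mode]
    if (-not $kind) { $kind = "unknown value $mode" }

    # MinidumpDir is where small dumps are written; fall back to the default.
    $dir = [string]$cc.MinidumpDir
    if (-not $dir) { $dir = '%SystemRoot%\Minidump' }
    $dir = [Environment]::ExpandEnvironmentVariables($dir)

    # Dumps still on disk, newest first. An empty list after a known BSOD
    # means the dump was never written or was deleted afterwards.
    $dumps = @(Get-ChildItem -Path $dir -Filter '*.dmp' -ErrorAction SilentlyContinue |
               Sort-Object LastWriteTime -Descending)
    $newest = $null
    if ($dumps.Count -gt 0) { $newest = $dumps[0].Name }

    $logEvent = ([int]$cc.LogEvent -eq 1)   # "Write an event to the system log"

    New-Object PSObject -Property @{
        DumpType     = $kind
        LogEvent     = $logEvent
        MinidumpDir  = $dir
        DumpCount    = $dumps.Count
        NewestDump   = $newest
        # True when the settings match steps 4 and 5 above
        MatchesSteps = ($logEvent -and $mode -eq 3)
    }
}

Get-CrashDumpConfig | Format-List
```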


 


#13 Johnny 5 Alive

Posted 13 August 2011 - 08:25 PM

OK, I have now uninstalled Avira.

I have not touched or run CCleaner in several months and I do not recall anything like "disable CCleaner dump files removal".

I checked the system settings: "Write an event to the system log" was checked. I changed Write debugging dump from "full memory" to "Small memory dump". I am running XP.

Now I must restart PC. And I did!

Edited by Johnny 5 Alive, 13 August 2011 - 08:43 PM.


#14 Broni

Posted 13 August 2011 - 09:03 PM

Now that you have corrected the settings, you'll have to wait for 3-4 new BSODs to happen, and we'll see what they say.


#15 Johnny 5 Alive

Posted 13 August 2011 - 09:51 PM

That could be weeks; they don't occur each time I shut down. But it is looking like I do not have any nasty programs causing issues!



