Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- GMER 1.0.15.15641 - http://www.gmer.net
- Rootkit scan 2011-09-04 07:42:01
- Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1604N rev.TM100-24
- Running: uxd1dr84.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxldypog.sys
- ---- System - GMER 1.0.15 ----
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E9ED202]
- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EA53D8C]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x8EA116C1]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E9EF7F0]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E9EF848]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E9EF95E]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x8EA11075]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E9EF746]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E9EF898]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E9EF79A]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E9EF90C]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E9ED226]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x8EA11D87]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x8EA1203D]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8E9EFBE2]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x8EA11BF2]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x8EA11A5D]
- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EA53E3C]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E9ECFF0]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E9ED24A]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E9EFD56]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E9EDCDA]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E9EF820]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E9EF870]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E9EF988]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x8EA113D1]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E9EF772]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8E9EFA1A]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E9EF8D8]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E9EF7C8]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8E9EFAFE]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E9EF936]
- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EA53ED4]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x8EA118D8]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E9EDBA0]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x8EA1172A]
- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x8EA5C10E]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x8EA106E8]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E9ED26E]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E9ED292]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E9ED04A]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E9ED186]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x8EA11E8E]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E9ED162]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E9ED1AA]
- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E9ED2B6]
- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA69398]
- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
- ---- Kernel code sections - GMER 1.0.15 ----
- .text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FCDCCAF3
- PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP 8EA667F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
- PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL 8E9EE335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP 8EA6939C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
- PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP 8EA64D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
- .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB93F4340, 0xFFF3F, 0xF8000020]
- init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF77A7300]
- .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP 8E9F0CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP 8E9F0BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP 8E9EFF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP 8E9F0E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP 8E9F1014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP 8E9F0B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP 8E9EFE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP 8E9F0180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP 8E9F0326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP 8E9EFE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP 8E9F0BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP 8E9F02FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP 8E9F0D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP 8E9F0F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP 8E9EFFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP 8E9F003E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP 8E9F00AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP 8E9F00E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP 8E9EFD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP 8E9EFEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP 8E9F0008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP 8E9F0440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP 8E9F0ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
- .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]
- ---- User code sections - GMER 1.0.15 ----
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
- .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
- .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\wscntfy.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
- .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
- .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
- .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
- .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
- .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
- .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
- .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
- .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
- .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
- .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
- .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\WINDOWS\system32\nvsvc32.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\WINDOWS\System32\smss.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\windows\system\hpsysdrv.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
- .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
- .text C:\WINDOWS\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\services.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\WINDOWS\System32\hphmon05.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
- .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
- .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\HP\KBD\KBD.EXE[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
- .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
- .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\WINDOWS\LTMSG.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
- .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
- .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
- .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
- .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
- .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00441014
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00440804
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00440A08
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00440C0C
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00440E10
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004401F8
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004403FC
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00440600
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00450804
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00450A08
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00450600
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004501F8
- .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004503FC
- .text C:\Documents and Settings\Owner\Desktop\uxd1dr84.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Documents and Settings\Owner\Desktop\uxd1dr84.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
- .text C:\WINDOWS\system32\ctfmon.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
- .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
- .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
- .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
- .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
- .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
- .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\System32\alg.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
- .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
- .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
- .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
- .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
- .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
- .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
- .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
- .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
- ---- User IAT/EAT - GMER 1.0.15 ----
- IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
- IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
- ---- Devices - GMER 1.0.15 ----
- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
- Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
- AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
- AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
- AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
- AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
- Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
- AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
- AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
- ---- EOF - GMER 1.0.15 ----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement