API tools faq
paste
Advertisement
J_Hopkins

Gmer_Log

J_Hopkins
Sep 4th, 2011
90
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 202.12 KB | None | 0 0
raw download clone embed print report
  1. GMER 1.0.15.15641 - http://www.gmer.net
  2. Rootkit scan 2011-09-04 07:42:01
  3. Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP1604N rev.TM100-24
  4. Running: uxd1dr84.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxldypog.sys
  5.  
  6.  
  7. ---- System - GMER 1.0.15 ----
  8.  
  9. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E9ED202]
  10. SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8EA53D8C]
  11. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x8EA116C1]
  12. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E9EF7F0]
  13. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E9EF848]
  14. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E9EF95E]
  15. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x8EA11075]
  16. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E9EF746]
  17. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E9EF898]
  18. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E9EF79A]
  19. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E9EF90C]
  20. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E9ED226]
  21. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x8EA11D87]
  22. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x8EA1203D]
  23. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8E9EFBE2]
  24. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x8EA11BF2]
  25. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x8EA11A5D]
  26. SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8EA53E3C]
  27. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E9ECFF0]
  28. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E9ED24A]
  29. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E9EFD56]
  30. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E9EDCDA]
  31. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E9EF820]
  32. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E9EF870]
  33. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E9EF988]
  34. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x8EA113D1]
  35. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E9EF772]
  36. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8E9EFA1A]
  37. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E9EF8D8]
  38. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E9EF7C8]
  39. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8E9EFAFE]
  40. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E9EF936]
  41. SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8EA53ED4]
  42. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x8EA118D8]
  43. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E9EDBA0]
  44. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x8EA1172A]
  45. SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x8EA5C10E]
  46. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x8EA106E8]
  47. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E9ED26E]
  48. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E9ED292]
  49. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E9ED04A]
  50. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E9ED186]
  51. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x8EA11E8E]
  52. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E9ED162]
  53. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E9ED1AA]
  54. SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E9ED2B6]
  55.  
  56. Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EA69398]
  57. Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
  58. Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
  59.  
  60. ---- Kernel code sections - GMER 1.0.15 ----
  61.  
  62. .text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FCDCCAF3
  63. PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP 8EA667F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
  64. PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL 8E9EE335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  65. PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP 8EA6939C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
  66. PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP 8EA64D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
  67. .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xB93F4340, 0xFFF3F, 0xF8000020]
  68. init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF77A7300]
  69. .text win32k.sys!EngFreeUserMem + 674 BF809962 5 Bytes JMP 8E9F0CA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  70. .text win32k.sys!EngDeleteSurface + 45 BF813956 5 Bytes JMP 8E9F0BAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  71. .text win32k.sys!EngSetLastError + 79A8 BF824309 5 Bytes JMP 8E9EFF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  72. .text win32k.sys!EngCreateBitmap + F9C BF828C73 5 Bytes JMP 8E9F0E0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  73. .text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316BE 5 Bytes JMP 8E9F1014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  74. .text win32k.sys!EngUnmapFontFileFD + B68E BF83A0FC 5 Bytes JMP 8E9F0B1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  75. .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF8519C5 5 Bytes JMP 8E9EFE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  76. .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E554 5 Bytes JMP 8E9F0180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  77. .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E5DF 5 Bytes JMP 8E9F0326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  78. .text win32k.sys!EngCreatePalette + 88 BF85F852 5 Bytes JMP 8E9EFE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  79. .text win32k.sys!EngCreatePalette + 5454 BF864C1E 5 Bytes JMP 8E9F0BD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  80. .text win32k.sys!EngGetCurrentCodePage + 411E BF873F63 5 Bytes JMP 8E9F02FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  81. .text win32k.sys!EngGradientFill + 26EE BF8947C0 5 Bytes JMP 8E9F0D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  82. .text win32k.sys!EngStretchBltROP + 583 BF895298 5 Bytes JMP 8E9F0F72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  83. .text win32k.sys!EngCopyBits + 4DEC BF89DBD8 5 Bytes JMP 8E9EFFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  84. .text win32k.sys!EngEraseSurface + A9E0 BF8C2150 5 Bytes JMP 8E9F003E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  85. .text win32k.sys!EngFillPath + 1517 BF8CA5B2 5 Bytes JMP 8E9F00AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  86. .text win32k.sys!EngFillPath + 1797 BF8CA832 5 Bytes JMP 8E9F00E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  87. .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC2A7 5 Bytes JMP 8E9EFD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  88. .text win32k.sys!EngCreateClip + 19DF BF9133E5 5 Bytes JMP 8E9EFEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  89. .text win32k.sys!EngCreateClip + 25B3 BF913FB9 5 Bytes JMP 8E9F0008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  90. .text win32k.sys!EngCreateClip + 4F12 BF916918 5 Bytes JMP 8E9F0440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  91. .text win32k.sys!EngPlgBlt + 18FC BF94638A 5 Bytes JMP 8E9F0ECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
  92. .text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]
  93.  
  94. ---- User code sections - GMER 1.0.15 ----
  95.  
  96. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  97. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  98. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  99. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  100. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  101. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  102. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  103. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  104. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  105. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  106. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  107. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  108. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
  109. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
  110. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
  111. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
  112. .text C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe[228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
  113. .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  114. .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  115. .text C:\WINDOWS\system32\wscntfy.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  116. .text C:\WINDOWS\system32\wscntfy.exe[260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  117. .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
  118. .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
  119. .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
  120. .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
  121. .text C:\WINDOWS\system32\wscntfy.exe[260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
  122. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
  123. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
  124. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
  125. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
  126. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
  127. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8
  128. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
  129. .text C:\WINDOWS\system32\wscntfy.exe[260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
  130. .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  131. .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  132. .text C:\WINDOWS\Explorer.EXE[308] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  133. .text C:\WINDOWS\Explorer.EXE[308] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  134. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
  135. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
  136. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
  137. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
  138. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
  139. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
  140. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
  141. .text C:\WINDOWS\Explorer.EXE[308] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
  142. .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
  143. .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
  144. .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
  145. .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
  146. .text C:\WINDOWS\Explorer.EXE[308] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
  147. .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  148. .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  149. .text C:\WINDOWS\system32\nvsvc32.exe[368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  150. .text C:\WINDOWS\system32\nvsvc32.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  151. .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  152. .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  153. .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  154. .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  155. .text C:\WINDOWS\system32\nvsvc32.exe[368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  156. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  157. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  158. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  159. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  160. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  161. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  162. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  163. .text C:\WINDOWS\system32\nvsvc32.exe[368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  164. .text C:\WINDOWS\System32\smss.exe[492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  165. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  166. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  167. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  168. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  169. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00371014
  170. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00370804
  171. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370A08
  172. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00370C0C
  173. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370E10
  174. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003701F8
  175. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003703FC
  176. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00370600
  177. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  178. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  179. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  180. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  181. .text C:\WINDOWS\System32\wbem\unsecapp.exe[700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  182. .text C:\WINDOWS\system32\csrss.exe[780] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  183. .text C:\WINDOWS\system32\csrss.exe[780] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  184. .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  185. .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  186. .text C:\windows\system\hpsysdrv.exe[792] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  187. .text C:\windows\system\hpsysdrv.exe[792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  188. .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  189. .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  190. .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  191. .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  192. .text C:\windows\system\hpsysdrv.exe[792] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  193. .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
  194. .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  195. .text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
  196. .text C:\WINDOWS\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  197. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  198. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  199. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  200. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  201. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  202. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  203. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  204. .text C:\WINDOWS\system32\winlogon.exe[812] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  205. .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  206. .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  207. .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  208. .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  209. .text C:\WINDOWS\system32\winlogon.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  210. .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  211. .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  212. .text C:\WINDOWS\system32\services.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  213. .text C:\WINDOWS\system32\services.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  214. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  215. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  216. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  217. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  218. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  219. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  220. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  221. .text C:\WINDOWS\system32\services.exe[856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  222. .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  223. .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  224. .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  225. .text C:\WINDOWS\system32\services.exe[856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  226. .text C:\WINDOWS\system32\services.exe[856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  227. .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  228. .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  229. .text C:\WINDOWS\system32\lsass.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  230. .text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  231. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  232. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  233. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  234. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  235. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  236. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  237. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  238. .text C:\WINDOWS\system32\lsass.exe[876] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  239. .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  240. .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  241. .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  242. .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  243. .text C:\WINDOWS\system32\lsass.exe[876] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  244. .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  245. .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  246. .text C:\WINDOWS\System32\hphmon05.exe[1008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  247. .text C:\WINDOWS\System32\hphmon05.exe[1008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  248. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
  249. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
  250. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
  251. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
  252. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
  253. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
  254. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
  255. .text C:\WINDOWS\System32\hphmon05.exe[1008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
  256. .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  257. .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  258. .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  259. .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  260. .text C:\WINDOWS\System32\hphmon05.exe[1008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  261. .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  262. .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  263. .text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  264. .text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  265. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  266. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  267. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  268. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  269. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  270. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  271. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  272. .text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  273. .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  274. .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  275. .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  276. .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  277. .text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  278. .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  279. .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  280. .text C:\HP\KBD\KBD.EXE[1044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  281. .text C:\HP\KBD\KBD.EXE[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  282. .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  283. .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  284. .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  285. .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  286. .text C:\HP\KBD\KBD.EXE[1044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  287. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  288. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  289. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  290. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  291. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  292. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  293. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  294. .text C:\HP\KBD\KBD.EXE[1044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  295. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  296. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  297. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  298. .text C:\Program Files\iPod\bin\iPodService.exe[1108] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  299. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  300. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  301. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  302. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  303. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  304. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  305. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  306. .text C:\Program Files\iPod\bin\iPodService.exe[1108] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  307. .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  308. .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  309. .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  310. .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  311. .text C:\Program Files\iPod\bin\iPodService.exe[1108] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  312. .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  313. .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  314. .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  315. .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  316. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  317. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  318. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  319. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  320. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  321. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  322. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  323. .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  324. .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  325. .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  326. .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  327. .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  328. .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  329. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  330. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  331. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  332. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  333. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002F1014
  334. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002F0804
  335. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002F0A08
  336. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002F0C0C
  337. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002F0E10
  338. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002F01F8
  339. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002F03FC
  340. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002F0600
  341. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00300804
  342. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00300A08
  343. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00300600
  344. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003001F8
  345. .text C:\Program Files\Windows Defender\MsMpEng.exe[1184] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003003FC
  346. .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  347. .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  348. .text C:\WINDOWS\System32\svchost.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  349. .text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  350. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  351. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  352. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  353. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  354. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  355. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  356. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  357. .text C:\WINDOWS\System32\svchost.exe[1228] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  358. .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  359. .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  360. .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  361. .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  362. .text C:\WINDOWS\System32\svchost.exe[1228] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  363. .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  364. .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  365. .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  366. .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  367. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  368. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  369. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  370. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  371. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  372. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  373. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  374. .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  375. .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  376. .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  377. .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  378. .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  379. .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  380. .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  381. .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  382. .text C:\WINDOWS\LTMSG.exe[1356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  383. .text C:\WINDOWS\LTMSG.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  384. .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  385. .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  386. .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  387. .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  388. .text C:\WINDOWS\LTMSG.exe[1356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  389. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  390. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  391. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  392. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  393. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  394. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  395. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  396. .text C:\WINDOWS\LTMSG.exe[1356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  397. .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  398. .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  399. .text C:\WINDOWS\System32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  400. .text C:\WINDOWS\System32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  401. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  402. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  403. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  404. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  405. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  406. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  407. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  408. .text C:\WINDOWS\System32\svchost.exe[1408] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  409. .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  410. .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  411. .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  412. .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  413. .text C:\WINDOWS\System32\svchost.exe[1408] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  414. .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  415. .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  416. .text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  417. .text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  418. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  419. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  420. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  421. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  422. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  423. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  424. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  425. .text C:\WINDOWS\System32\svchost.exe[1464] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  426. .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  427. .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  428. .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  429. .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  430. .text C:\WINDOWS\System32\svchost.exe[1464] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  431. .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  432. .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  433. .text C:\WINDOWS\system32\spoolsv.exe[1552] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  434. .text C:\WINDOWS\system32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  435. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  436. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  437. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  438. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  439. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  440. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  441. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  442. .text C:\WINDOWS\system32\spoolsv.exe[1552] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  443. .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  444. .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  445. .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  446. .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  447. .text C:\WINDOWS\system32\spoolsv.exe[1552] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  448. .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  449. .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  450. .text C:\WINDOWS\System32\svchost.exe[1628] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  451. .text C:\WINDOWS\System32\svchost.exe[1628] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  452. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  453. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  454. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  455. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  456. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  457. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  458. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  459. .text C:\WINDOWS\System32\svchost.exe[1628] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  460. .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  461. .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  462. .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  463. .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  464. .text C:\WINDOWS\System32\svchost.exe[1628] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  465. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  466. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  467. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  468. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  469. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  470. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  471. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  472. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  473. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  474. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  475. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  476. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  477. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  478. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  479. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  480. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  481. .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  482. .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  483. .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
  484. .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  485. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  486. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  487. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  488. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  489. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  490. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  491. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  492. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  493. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  494. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  495. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  496. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  497. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  498. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  499. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  500. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  501. .text C:\Program Files\Bonjour\mDNSResponder.exe[1732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  502. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  503. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  504. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  505. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  506. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  507. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  508. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  509. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  510. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  511. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  512. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  513. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  514. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
  515. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
  516. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
  517. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
  518. .text C:\Program Files\Flip Video\FlipShare\FlipShareService.exe[1756] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
  519. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  520. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  521. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  522. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  523. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  524. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  525. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  526. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  527. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  528. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  529. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  530. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  531. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  532. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  533. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  534. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  535. .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  536. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  537. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  538. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  539. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  540. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  541. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  542. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  543. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  544. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  545. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  546. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  547. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  548. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  549. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  550. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  551. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  552. .text C:\Program Files\Java\jre6\bin\jqs.exe[1856] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  553. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  554. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  555. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  556. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  557. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  558. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  559. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  560. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  561. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  562. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  563. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  564. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  565. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  566. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  567. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  568. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  569. .text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[1892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  570. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  571. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  572. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  573. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  574. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  575. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  576. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  577. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  578. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  579. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  580. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  581. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  582. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  583. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  584. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  585. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  586. .text C:\PROGRA~1\HARDWA~1\Keyboard\Ikeymain.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  587. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  588. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  589. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  590. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  591. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  592. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  593. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  594. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  595. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  596. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  597. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  598. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  599. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  600. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  601. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  602. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  603. .text C:\PROGRA~1\HARDWA~1\Mouse\Amoumain.exe[1976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  604. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  605. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  606. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  607. .text C:\WINDOWS\ALCXMNTR.EXE[2056] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  608. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
  609. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
  610. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
  611. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
  612. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
  613. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
  614. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
  615. .text C:\WINDOWS\ALCXMNTR.EXE[2056] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
  616. .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  617. .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  618. .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  619. .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  620. .text C:\WINDOWS\ALCXMNTR.EXE[2056] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  621. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  622. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  623. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  624. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  625. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
  626. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
  627. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
  628. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
  629. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
  630. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
  631. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
  632. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
  633. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  634. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  635. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  636. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  637. .text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  638. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  639. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  640. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  641. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  642. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
  643. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
  644. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
  645. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
  646. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
  647. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
  648. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
  649. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
  650. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
  651. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
  652. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
  653. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
  654. .text C:\WINDOWS\system32\RUNDLL32.EXE[2076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
  655. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  656. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  657. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  658. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  659. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  660. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  661. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  662. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  663. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  664. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  665. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  666. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  667. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  668. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  669. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  670. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  671. .text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[2132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  672. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  673. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  674. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  675. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  676. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
  677. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
  678. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
  679. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
  680. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
  681. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
  682. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
  683. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
  684. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
  685. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
  686. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
  687. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
  688. .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
  689. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  690. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  691. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  692. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  693. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  694. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  695. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  696. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  697. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  698. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  699. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  700. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  701. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  702. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  703. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  704. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  705. .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[2152] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  706. .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  707. .text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  708. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  709. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  710. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  711. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  712. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  713. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  714. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  715. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  716. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  717. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  718. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  719. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  720. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  721. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  722. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  723. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  724. .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe[2304] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  725. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  726. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  727. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  728. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  729. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  730. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  731. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  732. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  733. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  734. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  735. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  736. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  737. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  738. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  739. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  740. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  741. .text C:\Program Files\iTunes\iTunesHelper.exe[2312] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  742. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  743. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  744. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  745. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  746. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  747. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  748. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  749. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  750. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  751. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  752. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  753. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  754. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
  755. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
  756. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
  757. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
  758. .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
  759. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  760. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  761. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  762. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  763. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
  764. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
  765. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
  766. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
  767. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
  768. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
  769. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
  770. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
  771. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
  772. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
  773. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
  774. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
  775. .text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[2352] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
  776. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  777. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  778. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  779. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  780. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00441014
  781. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00440804
  782. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00440A08
  783. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00440C0C
  784. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00440E10
  785. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004401F8
  786. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004403FC
  787. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00440600
  788. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00450804
  789. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00450A08
  790. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00450600
  791. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004501F8
  792. .text C:\Program Files\Windows Defender\MSASCui.exe[2360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004503FC
  793. .text C:\Documents and Settings\Owner\Desktop\uxd1dr84.exe[2452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  794. .text C:\Documents and Settings\Owner\Desktop\uxd1dr84.exe[2452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  795. .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
  796. .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  797. .text C:\WINDOWS\system32\ctfmon.exe[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
  798. .text C:\WINDOWS\system32\ctfmon.exe[2456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  799. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
  800. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
  801. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
  802. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
  803. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
  804. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
  805. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
  806. .text C:\WINDOWS\system32\ctfmon.exe[2456] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
  807. .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
  808. .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
  809. .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
  810. .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
  811. .text C:\WINDOWS\system32\ctfmon.exe[2456] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
  812. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  813. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  814. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  815. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  816. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  817. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  818. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  819. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  820. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  821. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  822. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  823. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  824. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  825. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  826. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  827. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  828. .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[2476] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  829. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  830. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  831. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  832. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  833. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  834. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  835. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  836. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  837. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  838. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  839. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  840. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  841. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  842. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  843. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  844. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  845. .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[2588] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  846. .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  847. .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  848. .text C:\WINDOWS\System32\svchost.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  849. .text C:\WINDOWS\System32\svchost.exe[2636] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  850. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  851. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  852. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  853. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  854. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  855. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  856. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  857. .text C:\WINDOWS\System32\svchost.exe[2636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  858. .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  859. .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  860. .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  861. .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  862. .text C:\WINDOWS\System32\svchost.exe[2636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  863. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  864. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  865. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  866. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  867. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
  868. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
  869. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
  870. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
  871. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
  872. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
  873. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
  874. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
  875. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
  876. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
  877. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
  878. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
  879. .text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2692] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
  880. .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  881. .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  882. .text C:\WINDOWS\System32\alg.exe[2808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  883. .text C:\WINDOWS\System32\alg.exe[2808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  884. .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
  885. .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
  886. .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
  887. .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
  888. .text C:\WINDOWS\System32\alg.exe[2808] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
  889. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
  890. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
  891. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
  892. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
  893. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
  894. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
  895. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
  896. .text C:\WINDOWS\System32\alg.exe[2808] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
  897. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  898. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  899. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  900. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  901. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  902. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  903. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  904. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  905. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  906. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  907. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  908. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  909. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  910. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  911. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  912. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  913. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe[2964] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  914. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  915. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  916. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  917. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  918. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  919. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  920. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  921. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  922. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  923. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  924. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  925. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  926. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  927. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  928. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  929. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  930. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe[3128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  931. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  932. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  933. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  934. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  935. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
  936. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
  937. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
  938. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
  939. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
  940. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
  941. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
  942. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
  943. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
  944. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
  945. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
  946. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
  947. .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
  948. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  949. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  950. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  951. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  952. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  953. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  954. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  955. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  956. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  957. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  958. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  959. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  960. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  961. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  962. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  963. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  964. .text C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe[3276] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  965. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  966. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  967. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  968. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  969. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  970. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  971. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  972. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  973. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  974. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  975. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  976. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  977. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  978. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  979. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  980. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  981. .text C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe[3404] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  982. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000D01F8
  983. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  984. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000D03FC
  985. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
  986. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  987. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00311014
  988. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00310804
  989. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00310A08
  990. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00310C0C
  991. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00310E10
  992. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003101F8
  993. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003103FC
  994. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00310600
  995. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00320804
  996. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00320A08
  997. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00320600
  998. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003201F8
  999. .text C:\WINDOWS\system32\SearchIndexer.exe[3448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003203FC
  1000. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  1001. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1002. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  1003. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1004. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
  1005. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
  1006. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
  1007. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
  1008. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
  1009. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  1010. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  1011. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  1012. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  1013. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  1014. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  1015. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  1016. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe[3580] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  1017. .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1018. .text C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe[3592] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1019. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  1020. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1021. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  1022. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1023. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  1024. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  1025. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  1026. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  1027. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  1028. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  1029. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  1030. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  1031. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  1032. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  1033. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  1034. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  1035. .text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  1036. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
  1037. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1038. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
  1039. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1040. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
  1041. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
  1042. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
  1043. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
  1044. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
  1045. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
  1046. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
  1047. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
  1048. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E0804
  1049. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0A08
  1050. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E0600
  1051. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E01F8
  1052. .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3624] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E03FC
  1053. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  1054. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1055. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  1056. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1057. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  1058. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  1059. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  1060. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  1061. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  1062. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  1063. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  1064. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  1065. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  1066. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  1067. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  1068. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  1069. .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[3640] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  1070. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  1071. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1072. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  1073. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1074. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  1075. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  1076. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  1077. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  1078. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  1079. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  1080. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  1081. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  1082. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  1083. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  1084. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  1085. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  1086. .text C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  1087. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
  1088. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1089. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
  1090. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1091. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
  1092. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
  1093. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
  1094. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
  1095. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
  1096. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
  1097. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
  1098. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
  1099. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
  1100. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
  1101. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
  1102. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
  1103. .text C:\Program Files\Canon\CAL\CALMAIN.exe[3728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
  1104. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  1105. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1106. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  1107. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1108. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
  1109. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
  1110. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
  1111. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
  1112. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
  1113. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
  1114. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
  1115. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
  1116. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
  1117. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
  1118. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
  1119. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
  1120. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe[3848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
  1121. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
  1122. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
  1123. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
  1124. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
  1125. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
  1126. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
  1127. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
  1128. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
  1129. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
  1130. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
  1131. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
  1132. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
  1133. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
  1134. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
  1135. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
  1136. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
  1137. .text C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe[4000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
  1138.  
  1139. ---- User IAT/EAT - GMER 1.0.15 ----
  1140.  
  1141. IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
  1142. IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
  1143.  
  1144. ---- Devices - GMER 1.0.15 ----
  1145.  
  1146. Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
  1147.  
  1148. AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
  1149.  
  1150. Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
  1151.  
  1152. AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
  1153. AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
  1154. AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
  1155. AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
  1156.  
  1157. Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
  1158.  
  1159. AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
  1160. AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
  1161.  
  1162. ---- EOF - GMER 1.0.15 ----
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!