
Computer is running amuck help w/Hijack log

Discussion in 'Malware and Virus Removal Archive' started by shammie, 2007/12/12.

  1. 2007/12/15
    shammie

    shammie Well-Known Member Thread Starter

    Joined:
    2004/05/29
    Messages:
    195
    Likes Received:
    0
    I tried both running from the web and saving. mIRC has been installed for a long time, SpiralFrog for a couple of months. I will uninstall and clean up and let you know.
    Thanks again for all your help. :) :)
     
  2. 2007/12/15
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15

  4. 2007/12/16
    shammie

    shammie Well-Known Member Thread Starter

    OK. Re-installed .NET Framework and installed KB928366.
    Hopefully that will take care of the problem. However, now when I go to Windows Update I get "Checking for the latest updates for your computer..." and it runs and runs and never stops scanning (after about 10 minutes I give up). Again, thank you for your help,
    I really appreciate it. :D
    Just as I was about to submit this, the computer went crazy again :confused:
     
  5. 2007/12/16
    noahdfear

    noahdfear Inactive

    Let's update a few more things and see if it helps.

    1. Go to Add/Remove programs and uninstall ALL versions of Java (JRE and/or SE). When done, download and install the latest from here.

    2. Download and install the latest scripting engine from Microsoft.

    3. Download ATF Cleaner by Atribune and save it to your Desktop.
    • Double click ATF-Cleaner.exe to run the program.
    • Click Select All
    • Click Empty Selected. When you get the "Done Cleaning" message, click OK then exit.
    Reboot

    Note: cleaning cookies will cause the need to re-enter login information at sites such as this one, where you might have chosen to be remembered.

    4. Try Windows Update again. If it still hangs, please let it sit for a considerable amount of time to see if an error is produced, then let me know what that error is. I would also like for you to copy the address of the Windows Update site you are visiting and post it here if it hangs.

    5. Download GMER

    Unzip it to the desktop.

    Open the program and click on the Rootkit tab.
    Make sure all the boxes on the right of the screen are checked, EXCEPT for "Show All".
    Click on Scan.
    When the scan has completed, click Copy and paste the results (if any) into this topic.
     
  6. 2007/12/17
    shammie

    shammie Well-Known Member Thread Starter

    I have J2SE Runtime Environment 5.0 Update 6 and
    Java(TM) Runtime Environment 6 Update 1.
    When I try to uninstall (I have tried each first) I get this message: "Internal Error 2753. Regutils", then "Fatal error during installation". Since this failed I have not continued down the list, except for ATF Cleaner, which I already have and use. Thanks
     
  7. 2007/12/17
    noahdfear

    noahdfear Inactive

    I was going to suggest re-installing the previous versions then uninstall, but the only one of the 2 I have found was the version 5. In lieu of that, try the Windows Installer Cleanup Utility, then delete the subfolders in the C:\Program Files\Java folder.
     
  8. 2007/12/17
    shammie

    shammie Well-Known Member Thread Starter

    OK, ran the cleanup utility. Can't see either Java or J2SE in Add/Delete Programs, but when I try to delete the subfolder I get "cannot delete jusched.exe access is denied". Also I ran AVG Anti-Spyware and it found
    downloader.agent.ajn and has placed it in quarantine.
     
    Last edited: 2007/12/17
  9. 2007/12/17
    noahdfear

    noahdfear Inactive

    jusched.exe is likely running and locked. Check Task Manager processes and kill it, then delete.

    Any details on the quarantined item? Filename, etc?
     
  10. 2007/12/17
    shammie

    shammie Well-Known Member Thread Starter

    Shut down jusched.exe, now get "cannot delete ssv.dll access is denied". Ran Panda scan, here are the results:

    Incident: Potentially unwanted tool: Application/Processor
    Status: Not disinfected
    Location: C:\WINDOWS\SYSTEM32\Process.exe

    AVG scan shows C:\\windows\pchealth\helpcrt\vendors\cn=hewlett-packard,L=cupertino,s=ca,c=us\ehelp\localcontent\changing modem setting.ihtm.html

    This goes on with different extensions. Plus
    C :\\windows\pchealth\helpcrt\packagestore\package_7.cab
     
  11. 2007/12/17
    noahdfear

    noahdfear Inactive

    Scan again with HijackThis and fix the following entries, with ALL other windows closed.

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe "
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    Reboot and try to delete again.
     
  12. 2007/12/17
    shammie

    shammie Well-Known Member Thread Starter

    That did it. Now should I start with "2. Download and install the latest scripting engine from Microsoft."
    and proceed? I ran a Kaspersky scan; here are the results (nothing found):

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Monday, December 17, 2007 9:51:22 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 18/12/2007
    Kaspersky Anti-Virus database records: 454699
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 75099
    Number of viruses found: 0
    Number of infected objects: 0
    Number of suspicious objects: 0
    Duration of the scan process: 02:39:19

    Scan process completed.
     
  13. 2007/12/17
    noahdfear

    noahdfear Inactive

    Great! Yes, proceed with step 2. If upon installation you receive a message that you already have the current scripting engine, just proceed with the next step.

    I'm a bit skeptical about those AVG findings and suspect a false positive identification. Would you please upload those files for me on my submission channel so I can analyze them? Leave a link back to this topic.

    Thanks!
     
  14. 2007/12/18
    shammie

    shammie Well-Known Member Thread Starter

    OK, reinstalled Java using your link. Ran GMER, log below (when I try to post it, it is too long: 159194 characters). AVG Anti-Spyware quarantine is now empty; I may have emptied it, but don't remember doing so.
     
  15. 2007/12/18
    noahdfear

    noahdfear Inactive

    You will need to split the GMER log into several posts.
     
  16. 2007/12/18
    shammie

    shammie Well-Known Member Thread Starter

    OK. Ran another AVG Anti-Virus scan, nothing found.

    GMER 1.0.13.12551 - http://www.gmer.net
    Rootkit scan 2007-12-18 09:25:30
    Windows 5.1.2600 Service Pack 2


     
  17. 2007/12/18
    shammie

    shammie Well-Known Member Thread Starter

    .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\system32\svchost.exe[792] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00030608
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000307AC
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00030720
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000308C4
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00030838
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00030950
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00030F54
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00030FE0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00030D24
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00030DB0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00030E3C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[848] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00030EC8
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\System32\svchost.exe[852] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\System32\svchost.exe[852] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\System32\svchost.exe[852] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\System32\svchost.exe[852] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\System32\svchost.exe[852] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\System32\svchost.exe[852] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00080F54
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00080FE0
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00080D24
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00080DB0
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00080E3C
    .text C:\WINDOWS\System32\svchost.exe[852] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00080EC8
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\System32\svchost.exe[916] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\System32\svchost.exe[916] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\System32\svchost.exe[916] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\System32\svchost.exe[916] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\System32\svchost.exe[916] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\System32\svchost.exe[916] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
     
  18. 2007/12/18
    shammie

    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\System32\svchost.exe[936] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\System32\svchost.exe[936] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\System32\svchost.exe[976] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\System32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\System32\svchost.exe[976] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00080F54
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00080FE0
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00080D24
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00080DB0
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00080E3C
    .text C:\WINDOWS\System32\svchost.exe[976] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00080EC8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00130F54
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00130FE0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00130D24
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00130DB0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00130E3C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00130EC8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1060] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\Explorer.EXE[1172] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\Explorer.EXE[1172] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\Explorer.EXE[1172] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00080F54
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00080FE0
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00080D24
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00080DB0
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00080E3C
    .text C:\WINDOWS\Explorer.EXE[1172] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00080EC8
    .text C:\WINDOWS\Explorer.EXE[1172] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\Explorer.EXE[1172] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\Explorer.EXE[1172] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\system32\spoolsv.exe[1208] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\system32\spoolsv.exe[1208] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\system32\spoolsv.exe[1208] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\system32\spoolsv.exe[1208] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\windows\system\hpsysdrv.exe[1400] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\windows\system\hpsysdrv.exe[1400] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\windows\system\hpsysdrv.exe[1400] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1500] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\PROGRA~1\Grisoft\AVG7\avgcc.exe[1532] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
     
  19. 2007/12/18
    shammie

    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe[1544] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1560] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00130F54
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00130FE0
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00130D24
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00130DB0
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00130E3C
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00130EC8
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\iTunes\iTunesHelper.exe[1596] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\HP\KBD\KBD.EXE[1620] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\HP\KBD\KBD.EXE[1620] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\HP\KBD\KBD.EXE[1620] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetConnectA 42C249F2 5 Bytes JMP 00130F54
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetConnectW 42C25BE0 5 Bytes JMP 00130FE0
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetOpenA 42C2C8A1 5 Bytes JMP 00130D24
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetOpenW 42C2CED1 5 Bytes JMP 00130DB0
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetOpenUrlA 42C30BFA 5 Bytes JMP 00130E3C
    .text C:\HP\KBD\KBD.EXE[1620] WININET.dll!InternetOpenUrlW 42C7AC51 5 Bytes JMP 00130EC8
    .text C:\HP\KBD\KBD.EXE[1620] ws2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\HP\KBD\KBD.EXE[1620] ws2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\HP\KBD\KBD.EXE[1620] ws2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\system32\ctfmon.exe[1640] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\system32\ctfmon.exe[1640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\system32\ctfmon.exe[1640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] user32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1692] user32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe[1716] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\PROGRA~1\Grisoft\AVG7\avgemc.exe[1756] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1812] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
     
  20. 2007/12/18
    shammie

    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe[1856] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\WINDOWS\SYSTEM32\bgsvcgen.exe[1904] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe[2008] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\iPod\bin\iPodService.exe[2456] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2664] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
    .text C:\WINDOWS\System32\alg.exe[2700] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00080608
    .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 000807AC
    .text C:\WINDOWS\System32\alg.exe[2700] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00080720
    .text C:\WINDOWS\System32\alg.exe[2700] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 000808C4
    .text C:\WINDOWS\System32\alg.exe[2700] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00080838
    .text C:\WINDOWS\System32\alg.exe[2700] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00080950
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 001308C4
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] WS2_32.dll!bind 71AB3E00 5 Bytes JMP 00130838
    .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2980] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00130950
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] kernel32.dll!SetThreadContext 7C862A69 5 Bytes JMP 00130608
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] USER32.dll!SetWindowsHookExW 7E42DDB5 5 Bytes JMP 001307AC
    .text C:\Documents and Settings\Owner\Desktop\gmer.exe[3640] USER32.dll!SetWindowsHookExA 7E4311D1 5 Bytes JMP 00130720
     
  21. 2007/12/18
    shammie

    ---- Kernel IAT/EAT - GMER 1.0.13 ----

    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F630FB06] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F630FB26] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F630FB60] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F630FB86] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F630FB60] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F630FB26] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F630FB06] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisRegisterProtocol] [F630FB60] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisDeregisterProtocol] [F630FB86] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisCloseAdapter] [F630FB06] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\system32\DRIVERS\tcpip6.sys[NDIS.SYS!NdisOpenAdapter] [F630FB26] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F630FB60] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F630FB86] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F630FB06] \SystemRoot\system32\drivers\fwdrv.sys
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F630FB26] \SystemRoot\system32\drivers\fwdrv.sys

    ---- Devices - GMER 1.0.13 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7D75404] avg7rsw.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DA985A] avgtdi.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F6303B30] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DA985A] avgtdi.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F6303B30] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F6303974] fwdrv.sys

    Device \Driver\fwdrv \Device\FWDRV IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DA985A] avgtdi.sys

    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DA985A] avgtdi.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F6303B30] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7DA985A] avgtdi.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F6303B30] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F6303974] fwdrv.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7D75404] avg7rsw.sys
    AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7D75404] avg7rsw.sys

    ---- EOF - GMER 1.0.13 ----

    WOW. Thank you!!!!
     
