Inactive Extremely Slow Page Loading...

Blue Star · 2011/07/12

[Inactive] Extremely Slow Page Loading...

Dear Broni... I have all the logs except dds. I can't find how to disable script blocking using XP...Each time I start dds, it closes itself. Here's the other 3 logs requested.

Long reponse times from click to page loading. Occaisional crashing are main symptoms...

Thank you!
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 7039

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/9/2011 1:06:30 PM
mbam-log-2011-07-09 (13-06-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 265303
Time elapsed: 52 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{7d83713c-adab-4793-aa3d-b89ddb8c654a}\RP128\A0094876.exe (Adware.Agent) -> Quarantined and deleted successfully.

Blue Star · 2011/07/12

Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtClose]

[00CE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00CE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtCreateFile]

[00D02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00D02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtClose]

[00D02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00D02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00802DB0] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00802DC0] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Program

Files\Nova Development\Art Explosion Publisher Pro\1.0\Wizards\Desktop\Calendars\Year on a

Page\8\xbdx11 inch\Business.npp 1
Reg HKLM\SOFTWARE\Classes\.3dp@

Vroomsap.1
Reg HKLM\SOFTWARE\Classes\.sig@

PMWPosterType
Reg HKLM\SOFTWARE\Classes\ActivePopup.1@

Popup Control
Reg HKLM\SOFTWARE\Classes\ActivePopup.1\CLSID

Reg HKLM\SOFTWARE\Classes\ActivePopup.1\CLSID@

{8F0DD2CA-786E-

11D0-A671-000092909AB2}
Reg HKLM\SOFTWARE\Classes\Communicator.Download@

Download Class
Reg HKLM\SOFTWARE\Classes\Communicator.Download\CLSID

Reg HKLM\SOFTWARE\Classes\Communicator.Download\CLSID@

{B160422D-0A48

-11D4-BD9B-00A0C9B0AB7B}
Reg HKLM\SOFTWARE\Classes\Communicator.Download\CurVer

Reg HKLM\SOFTWARE\Classes\Communicator.Download\CurVer@

Communicator.Download.1
Reg HKLM\SOFTWARE\Classes\Communicator.Download.1@

Download Class
Reg HKLM\SOFTWARE\Classes\Communicator.Download.1\CLSID

Reg HKLM\SOFTWARE\Classes\Communicator.Download.1\CLSID@

{B160422D-0A48

-11D4-BD9B-00A0C9B0AB7B}
Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1@

ConnMgr Control
Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\CONNMGR.ConnMgrCtrl.1\CLSID@

{25E2B9D7-

7C7F-4EE0-ACE5-F5492131B121}
Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl@

InstallFromTheWeb

ActiveX Control
Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CLSID

Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CLSID@

{4E330863-6A11-

11D0-BFD8-006097237877}
Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CurVer

Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl\CurVer@

IFTWCtrl.IFTWCtrl.1
Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1@

InstallFromTheWeb

ActiveX Control
Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\IFTWCtrl.IFTWCtrl.1\CLSID@

{4E330863-6A11-

11D0-BFD8-006097237877}
Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj@

ImportClientObj

Class
Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj\CLSID

Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj\CLSID@

{A844CD49-95EA

-4ef0-92D2-BB32E68A6491}
Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1@

ImportClientObj

Class
Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1\CLSID

Reg HKLM\SOFTWARE\Classes\ImportClient.ImportClientObj.1\CLSID@

{A844CD49-95EA

-4ef0-92D2-BB32E68A6491}
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile@

Enhanced metafile
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\CLSID

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\CLSID@

{5D455741-

68F5-101C-AABC-0000C0E03D82}
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\DefaultIcon

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\DefaultIcon@

C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe,-151
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\Insertable

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\Insertable@

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol@

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing@

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\serv

er
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\serv

er@ C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\ver

b
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\ver

b@
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\ver

b\0
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\protocol\StdFileEditing\ver

b\0@ &Edit
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\open\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe "%1 "
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\print\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /p "%1 "
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.EnhancedMetafile\shell\printto\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /pt "%1" "%2" "%3" "%4 "
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1@

Metafile Companion

Picture (32-bit)
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\CLSID

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\CLSID@

{5D455741-68F5-

101C-AABC-0000C0E03D82}
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\Insertable

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1

\protocol\StdFileEditing\server

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1

\protocol\StdFileEditing\server@

C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1\protocol\StdFileEditing\verb

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1

\protocol\StdFileEditing\verb\0

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.Picture.1

\protocol\StdFileEditing\verb\0@

&Edit
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile@

Windows

metafile
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\CLSID

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\CLSID@

{5D455741-

68F5-101C-AABC-0000C0E03D82}
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\DefaultIcon

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\DefaultIcon@

C:\PROGRA~1\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe,-152
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\Insertable

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\Insertable@

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol@

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing@

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\serv

er
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\serv

er@ C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\ver

b
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\ver

b@
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\ver

b\0
Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\protocol\StdFileEditing\ver

b\0@ &Edit
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\open\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe "%1 "
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print

Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\print\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /p "%1 "
Reg HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto\command

Reg

HKLM\SOFTWARE\Classes\MetafileCompanion32.WindowsMetafile\shell\printto\command@

C:\PROGRA~1

\COMMON~1\BRODER~1\ADVANC~1\advdraw.exe /pt "%1" "%2" "%3" "%4 "
Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory@

Soap Port

Connector Factory
Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\Clsid@

{4CE546FF-9128-

465E-B5C5-5A36CFC2C285}
Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory\CurVer@

MSSOAP.ConnectorFactory.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1@

Soap Port

Connector Factory
Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.ConnectorFactory.1\Clsid@

{4CE546FF-9128-

465E-B5C5-5A36CFC2C285}
Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector@

Microsoft Soap Http

Connector
Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\Clsid@

{6205B8C9-75FF-

4623-A50A-88E1F14EAFF2}
Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector\CurVer@

MSSOAP.HttpConnector.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1@

Microsoft Soap Http

Connector
Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.HttpConnector.1\Clsid@

{6205B8C9-75FF-

4623-A50A-88E1F14EAFF2}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient@

Microsoft Soap

SoapClient class
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\Clsid@

{86D54F3D-652D-

4ab3-A1A6-14D403F6C813}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient\CurVer@

MSSOAP.SoapClient.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1@

Microsoft Soap

SoapClient class Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapClient.1\Clsid@

{86D54F3D-652D-

4ab3-A1A6-14D403F6C813}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader@

Microsoft Soap

SoapReader class
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\Clsid@

{FDE424F3-AA10-

471D-8A0A-6875C17B5914}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader\CurVer@

MSSOAP.SoapReader.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1@

Microsoft Soap

SoapReader class Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapReader.1\Clsid@

{FDE424F3-AA10-

471D-8A0A-6875C17B5914}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer@

Microsoft Soap

SoapSerializer class
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\Clsid@

{ADE424F3-AA10-

471D-8A0A-687534555900}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer\CurVer@

MSSOAP.SoapSerializer.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1@

Microsoft Soap

SoapSerializer class Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapSerializer.1\Clsid@

{ADE424F3-AA10-

471D-8A0A-687534555900}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer@

Microsoft Soap

SoapServer class
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\Clsid@

{EBB2FF12-861A-

42b6-B815-B1AF4D944916}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer\CurVer@

MSSOAP.SoapServer.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1@

Microsoft Soap

SoapServer class Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapServer.1\Clsid@

{EBB2FF12-861A-

42b6-B815-B1AF4D944916}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1@

Microsoft

SoapTypeMapperFactory Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypefactory.1\Clsid@

{9C5754F7-ADF5-

4D82-B181-0F8FC5EA882B}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory@

Microsoft

SoapTypeMapperFactoryclass
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\Clsid@

{9C5754F7-

ADF5-4D82-B181-0F8FC5EA882B}
Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.SoapTypeMapperFactory\CurVer@

MSSOAP.SoapTypeMapperFactory.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader@

Microsoft Soap

WSDLReader class
Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\Clsid@

{BB023FC5-AA10-

47CE-8A0A-6875C17B5914}
Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\CurVer

Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader\CurVer@

MSSOAP.WSDLReader.1
Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1@

Microsoft Soap

WSDLReader class Version 1
Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1\Clsid

Reg HKLM\SOFTWARE\Classes\MSSOAP.WSDLReader.1\Clsid@

{BB023FC5-AA10

-47CE-8A0A-6875C17B5914}
Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload@

Upload Class
Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CLSID

Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CLSID@

{4C470CD2-7394-

11D4-9691-00D0B707528C}
Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CurVer

Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload\CurVer@

NPFTPX.Upload.1
Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1@

Upload Class
Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1\CLSID

Reg HKLM\SOFTWARE\Classes\NPFTPX.Upload.1\CLSID@

{4C470CD2-7394-

11D4-9691-00D0B707528C}
Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl@

OnlineContentCtrl Class
Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CLSID

Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CLSID@

{697CA6EF-

989E-48CB-A70C-35E8875D890D}
Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CurVer

Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl\CurVer@

OnlineContentMgr.OnlineContentCtrl.1
Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1@

OnlineContentCtrl Class
Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1\CLSID

Reg HKLM\SOFTWARE\Classes\OnlineContentMgr.OnlineContentCtrl.1\CLSID@

{697CA6EF-

989E-48CB-A70C-35E8875D890D}
Reg HKLM\SOFTWARE\Classes\PMWPosterType@

Broderbund Poster

Type
Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID

Reg HKLM\SOFTWARE\Classes\PMWPosterType\CLSID@

{76F54460-046F-

11CF-B79A-0000C0E9C528}
Reg HKLM\SOFTWARE\Classes\PMWPosterType\DefaultIcon

Reg HKLM\SOFTWARE\Classes\PMWPosterType\DefaultIcon@

C:\Program

Files\Broderbund\ClickArt Fonts 4\pmwres32.dll,1
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell

Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open

Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command

Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\command@

C:\PROGRA~1

\BRODER~1\CLICKA~1\cafonts4.exe "%1 "
Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec

Reg HKLM\SOFTWARE\Classes\PMWPosterType\shell\open\ddeexec@

[open( "%1 ")]
Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport@

Pretzel.ClickArt.FileImport
Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport\CLSID

Reg HKLM\SOFTWARE\Classes\Pretzel.ClickArt.FileImport\CLSID@

{998B9CAA-369B-

41D0-A2F7-44CC1D208686}
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab@

Microsoft Tabbed Dialog

Control, version 6.0
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID

Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CLSID@

{BDC217C5-ED16-

11CD-956C-0000C04E4C0A}
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer

Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab\CurVer@

TabDlg.SSTab.1
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1@

Microsoft Tabbed Dialog

Control, version 6.0
Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID

Reg HKLM\SOFTWARE\Classes\TabDlg.SSTab.1\CLSID@

{BDC217C5-ED16-

11CD-956C-0000C04E4C0A}
Reg HKLM\SOFTWARE\Classes\Vroom.Vroom@

3DGreetings.com Player

2.0
Reg HKLM\SOFTWARE\Classes\Vroom.Vroom\CurVer

Reg HKLM\SOFTWARE\Classes\Vroom.Vroom\CurVer@

Vroom.Vroom.1
Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1@

3DGreetings.com Player

2.0
Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\CLSID

Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\CLSID@

{0C3F7D74-ADA5-

4976-8908-A8189590DAFA}
Reg HKLM\SOFTWARE\Classes\Vroom.Vroom.1\Insertable

Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D@

Vroom3D Renderer
Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D\CurVer

Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D\CurVer@

Vroom3D.Vroom3D.1
Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1@

Vroom3D Renderer
Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1\CLSID

Reg HKLM\SOFTWARE\Classes\Vroom3D.Vroom3D.1\CLSID@

{D1331690-405A-

11d3-A7E8-00902745D30B}
Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio@

VroomAudio
Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio\CurVer

Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio\CurVer@

VroomAudio.VroomAudio.1
Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1@

VroomAudio
Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1\CLSID

Reg HKLM\SOFTWARE\Classes\VroomAudio.VroomAudio.1\CLSID@

{EE0F92D8-

1B1A-4815-BA92-E4C981A1C2DA}
Reg HKLM\SOFTWARE\Classes\VroomSap.1@DefaultIcon

\ExpressIt\VroomSap.exe
Reg HKLM\SOFTWARE\Classes\VroomSap.1@

ExpressIt Player v2 File
Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell

Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open

Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open\Command

Reg HKLM\SOFTWARE\Classes\VroomSap.1\Shell\Open\Command@

"\VroomSap.exe"

"
Reg HKLM\SOFTWARE\Classes\{83DC6B35-719A-11D1-9828-00A0246D4780}

\LocalServer32

Reg HKLM\SOFTWARE\Classes\{83DC6B35-719A-11D1-9828-00A0246D4780}

\LocalServer32@

C:\PROGRA~1\BRODER~1\ClickArt Fonts 4\cafonts4.exe

---- EOF - GMER 1.0.15 ----

Blue Star · 2011/07/12

7C91632D 5 Bytes

JMP 001501F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!RtlDosSearchPath_U

+ 186 7C916865 1

Byte [62]
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003C03FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 003D0600
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

001401F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

CreateServiceA 77E37211 5

Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

CreateServiceW 77E373A9

5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!

DeleteService 77E374B1 5

Bytes JMP 00390600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!

LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002D0804
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002D01F8
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 002D03FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002E1014
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002E0C0C
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002E0E10
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002E01F8
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002E0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!RtlDosSearchPath_U +

186 7C916865

1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] kernel32.dll!GetBinaryTypeW +

80 7C868D8C

1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 004A0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004A0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 004A0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 004A01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 004A03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004B1014
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 004B0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 004B0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 004B0C0C
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 004B0E10
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 004B01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 004B03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 004B0600
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!RtlDosSearchPath_U

+ 186 7C916865 1

Byte [62]
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 002B0804
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 002B0A08
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 002B0600
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 002B01F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002B03FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 002A1014
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 002A0804
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 002A0A08
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 002A0C0C
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 002A0E10
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 002A0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[008F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[008F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[008F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[008F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe

[ADVAPI32.dll!CreateProcessAsUserW]

005F0002
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe

[KERNEL32.dll!CreateProcessW]

005F0000
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtCreateFile]

[00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtClose]

[00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00AA2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00AA2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00AA2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00AA2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!

NtCreateFile]

[00E52F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!

NtDeviceIoControlFile]

[00E52DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!

NtClose]

[00E52D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!

NtDuplicateObject]

[00E52DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[00CF2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[00CF2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[00CF2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[00CF2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[00922F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[00922DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[00922D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[00922DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile] [009F2F60] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile] [009F2DB0] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose] [009F2D70] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject] [009F2DC0] C:\Program Files\Common

Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00B12F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00B12DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00B12D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00B12DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[01852F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[01852DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[01852D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

@ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[01852DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00C92F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00C92DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00C92D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00C92DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00A02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00A02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00A02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00A02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[00B82F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[00B82DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[00B82D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[00B82DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtCreateFile]

[00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDeviceIoControlFile]

[00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtClose]

[00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll

[ntdll.dll!NtDuplicateObject]

[00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtCreateFile]

[00A22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00A22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtClose]

[00A22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00A22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile]

[00A22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00A22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose]

[00A22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @

C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]

[00A22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

(Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtCreateFile]

[00CE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper

Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32

\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]

[00CE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech

Blue Star · 2011/07/12

Bytes JMP 004D0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 004D0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 004D01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 004D03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 003B0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003A1014
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 003A0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 003A0C0C
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 003A0E10
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003A01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003A03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 003A0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWindowsHookExW

7E42820F

5 Bytes JMP 003B0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 003B0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003B01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3668] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

[3740] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\System32\alg.exe[3860] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte

[62]
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 003C0804
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 003C0A08
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 003C0600
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 003C01F8
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 003C03FC
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 003D1014
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes

JMP 003D0804
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 003D0A08
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 003D0C0C
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 003D0E10
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003D01F8
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 003D03FC
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 003D0600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00381014
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00380804
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfigW

77E37001

5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2W

77E37189

5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003801F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003803FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 00380600
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWindowsHookExW

7E42820F

5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00390600
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003901F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003903FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

001401F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

001403FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00380804
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00380A08
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00380600
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 003801F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00391014
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00390804
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00390A08
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00390C0C
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00390E10
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003901F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 003903FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00390600
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!LdrLoadDll

Blue Star · 2011/07/12

.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ntdll.dll!LdrLoadDll 7C91632D

5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ntdll.dll!LdrLoadDll 7C91632D

5 Bytes JMP 001401F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ntdll.dll!LdrUnloadDll 7C9171CD

5 Bytes JMP 001403FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004A1014
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 004A0804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 004A0A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 004A0C0C
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 004A0E10
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 004A01F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 004A03FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 004A0600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ntdll.dll!LdrLoadDll 7C91632D

5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 005F0804
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 005F0A08
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 005F0600
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 005F01F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 005F03FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00601014
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00600804
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00600A08
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00600C0C
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00600E10
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 006001F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 006003FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00600600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00501014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00500804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00500A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00500C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00500E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 005001F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 005003FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 00500600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00510804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00510A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00510600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 005101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 005103FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!LdrUnloadDll

7C9171CD 5

Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!

LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!

DeleteService 77E374B1

5 Bytes JMP 00380600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00411014
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00410804
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00410A08
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00410C0C
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00410E10
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 004101F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 004103FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00410600
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00420804
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00420A08
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00420600
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 004201F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 004203FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte

[62]
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 003E1014
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes

JMP 003E0804
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 003E0A08
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 003E0C0C
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 003E0E10
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003E01F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 003E03FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 003E0600
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 003F0804
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 003F0A08
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 003F0600
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 003F01F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 003F03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!

LdrLoadDll 7C91632D 5

Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!

LdrUnloadDll 7C9171CD

5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00390804
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!UnhookWindowsHookEx

7E42D5F3

5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00390600
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003901F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003903FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 003A1014
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 003A0804
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 003A0A08
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 003A0E10
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003A01F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003A03FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 003A0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 004C1014
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 004C0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 004C0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 004C0C0C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 004C0E10
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 004C01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 004C03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 004C0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 004D0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Blue Star · 2011/07/12

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2200] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\system32\dllhost.exe[2276] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\dllhost.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\dllhost.exe[2276] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\system32\dllhost.exe[2276] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 3

Bytes JMP 003C1014
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity + 4

77E36D85 1

Byte [88]
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 003C0804
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 003C0A08
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 003C0C0C
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 003C0E10
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003C01F8
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 003C03FC
.text C:\WINDOWS\system32\dllhost.exe[2276] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 003C0600
.text C:\WINDOWS\system32\dllhost.exe[2276] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 003D0804
.text C:\WINDOWS\system32\dllhost.exe[2276] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 003D0A08
.text C:\WINDOWS\system32\dllhost.exe[2276] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 003D0600
.text C:\WINDOWS\system32\dllhost.exe[2276] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 003D01F8
.text C:\WINDOWS\system32\dllhost.exe[2276] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 003D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[2324] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2324] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 003D0804
.text C:\WINDOWS\eHome\ehmsas.exe[2324] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 003D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2324] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 003D0600
.text C:\WINDOWS\eHome\ehmsas.exe[2324] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2324] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 003E1014
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 003E0804
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 003E0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 003E0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 003E0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003E01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003E03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2324] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 003E0600
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Logitech\Desktop Messenger\8876480

\Program\LogitechDesktopMessenger.exe[2612] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628] ntdll.dll!

LdrLoadDll 7C91632D

5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628] ntdll.dll!

LdrUnloadDll 7C9171CD

5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[2628]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001501F8
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ntdll.dll!RtlDosSearchPath_U

+ 186 7C916865 1

Byte [62]
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001503FC
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003A03FC
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe[2648] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 003B0600
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\SOUNDMAN.EXE[2676] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2676] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00380804
.text C:\WINDOWS\SOUNDMAN.EXE[2676] USER32.dll!UnhookWindowsHookEx

7E42D5F3

5 Bytes JMP 00380A08
.text C:\WINDOWS\SOUNDMAN.EXE[2676] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00380600
.text C:\WINDOWS\SOUNDMAN.EXE[2676] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003801F8
.text C:\WINDOWS\SOUNDMAN.EXE[2676] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00391014
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00390804
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00390A08
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00390C0C
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00390E10
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003901F8
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003903FC
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 00390600
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00380804
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00380600
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003801F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003901F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003903FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00390600
.text C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe[2788] ntdll.dll!RtlDosSearchPath_U +

186 7C916865 1

Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe[2788] KERNEL32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\MXOALDR.EXE[2804] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00381014
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00380804
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00380A08
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00380C0C
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00380E10
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003801F8
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003803FC
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00380600
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00390804
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00390A08
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00390600
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003901F8
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003903FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!

LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!

LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002C0C0C

Blue Star · 2011/07/12

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!LdrUnloadDll

7C9171CD 5

Bytes JMP 001403FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 004C0804
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004C0A08
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 004C0600
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 004C01F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 004C03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004D1014
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 004D0804
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 004D0A08
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 004D0C0C
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 004D0E10
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 004D01F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 004D03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 004D0600
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte

[62]
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes

JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes

JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes

JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes

JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] ntdll.dll!RtlDosSearchPath_U

+ 186 7C916865 1

Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] kernel32.dll!

SetUnhandledExceptionFilter

7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1584] kernel32.dll!GetBinaryTypeW

+ 80 7C868D8C 1

Byte [62]
.text C:\WINDOWS\ALCWZRD.EXE[1800] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\ALCWZRD.EXE[1800] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\WINDOWS\ALCWZRD.EXE[1800] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\ALCWZRD.EXE[1800] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00711014
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00710804
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00710A08
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00710C0C
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00710E10
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 007101F8
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 007103FC
.text C:\WINDOWS\ALCWZRD.EXE[1800] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00710600
.text C:\WINDOWS\ALCWZRD.EXE[1800] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00720804
.text C:\WINDOWS\ALCWZRD.EXE[1800] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00720A08
.text C:\WINDOWS\ALCWZRD.EXE[1800] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00720600
.text C:\WINDOWS\ALCWZRD.EXE[1800] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 007201F8
.text C:\WINDOWS\ALCWZRD.EXE[1800] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 007203FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1832] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00390600
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1

Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] kernel32.dll!GetBinaryTypeW + 80

7C868D8C

1 Byte [62]
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] USER32.dll!SetWindowsHookExW

7E42820F

5 Bytes JMP 00380804
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] USER32.dll!SetWindowsHookExA

7E431211

5 Bytes JMP 00380600
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003801F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00391014
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00390804
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!ChangeServiceConfigW

77E37001

5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!ChangeServiceConfig2A

77E37101

5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!ChangeServiceConfig2W

77E37189

5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 003901F8
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003903FC
.text C:\WINDOWS\system32\DVDRAMSV.exe[1848] ADVAPI32.dll!DeleteService

77E374B1 5

Bytes JMP 00390600
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004C1014
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 004C0804
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 004C0A08
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 004C0C0C
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 004C0E10
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 004C01F8
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 004C03FC
.text C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe[1892] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 004C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1968] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002D0600
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ntdll.dll!LdrLoadDll 7C91632D

5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

USER32.dll!SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe[2148]

ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe[2184] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[2200] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2200] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Blue Star · 2011/07/12

Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte

[62]
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes

JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes

JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes

JMP 002C03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 00390600
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 004C0804
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 004C0A08
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 004C0600
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 004C01F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 004C03FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 004D1014
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 004D0804
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 004D0A08
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 004D0C0C
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 004D0E10
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!CreateServiceA

77E37211 5

Bytes JMP 004D01F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 004D03FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 004D0600
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook

7E4317F7 5

Blue Star · 2011/07/12

JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 001403FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

CreateServiceA

77E37211 5 Bytes JMP 003901F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!

DeleteService

77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wscntfy.exe[228] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\wscntfy.exe[228] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000801F8
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[264] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWinEventHook

7E4317F7 5

Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!CreateServiceW

77E373A9 5

Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002D0600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!

LdrLoadDll

7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

CreateServiceA 77E37211

5 Bytes JMP 003901F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

CreateServiceW

77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!

DeleteService 77E374B1

5 Bytes JMP 00390600
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes

JMP 001401F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!

RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!

LdrUnloadDll

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] kernel32.dll!

GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!

SetWindowsHookExW

7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!

UnhookWindowsHookEx

7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!

SetWindowsHookExA

7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!

SetWinEventHook

7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!

UnhookWinEvent

7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

SetServiceObjectSecurity

77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

ChangeServiceConfigA

77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

ChangeServiceConfigW

77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

ChangeServiceConfig2A

77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

ChangeServiceConfig2W

77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

CreateServiceA 77E37211

5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

CreateServiceW 77E373A9

5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!

DeleteService 77E374B1 5

Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW

7E42820F 5

Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5

Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA

7E431211 5

Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes

JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWinEvent

7E4318AC 5

Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5 Bytes

JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5 Bytes

JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5 Bytes

JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5 Bytes

JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5 Bytes

JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes JMP

003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes JMP

003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes JMP

00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWindowsHookExW

7E42820F 5 Bytes

JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!UnhookWindowsHookEx

7E42D5F3 5 Bytes

JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWindowsHookExA

7E431211 5 Bytes

JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWinEventHook

7E4317F7 5 Bytes JMP

003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!UnhookWinEvent

7E4318AC 5 Bytes JMP

003A03FC
.text C:\WINDOWS\system32\csrss.exe[752] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000701F8
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes

JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Blue Star · 2011/07/12

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-07-11 14:30:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17

WDC_WD2000JD-98HBB0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\Donna\LOCALS~1\Temp\kglcqfoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwAddBootEntry [0xB64FA202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ZwAllocateVirtualMemory [0xB6560D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwClose [0xB651E6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateEvent [0xB64FC7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateEventPair [0xB64FC848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateIoCompletion [0xB64FC95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateKey [0xB651E075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateMutant [0xB64FC746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateSection [0xB64FC898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateSemaphore [0xB64FC79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwCreateTimer [0xB64FC90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwDeleteBootEntry [0xB64FA226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwDeleteKey [0xB651ED87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwDeleteValueKey [0xB651F03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwDuplicateObject [0xB64FCBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwEnumerateKey [0xB651EBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwEnumerateValueKey [0xB651EA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ZwFreeVirtualMemory [0xB6560E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwLoadDriver [0xB64F9FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwModifyBootEntry [0xB64FA24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwNotifyChangeKey [0xB64FCD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwNotifyChangeMultipleKeys [0xB64FACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenEvent [0xB64FC820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenEventPair [0xB64FC870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenIoCompletion [0xB64FC988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenKey [0xB651E3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenMutant [0xB64FC772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenProcess [0xB64FCA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenSection [0xB64FC8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenSemaphore [0xB64FC7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenThread [0xB64FCAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwOpenTimer [0xB64FC936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ZwProtectVirtualMemory [0xB6560ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwQueryKey [0xB651E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwQueryObject [0xB64FABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwQueryValueKey [0xB651E72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ZwRenameKey [0xB656910E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwRestoreKey [0xB651D6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSetBootEntryOrder [0xB64FA26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSetBootOptions [0xB64FA292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSetSystemInformation [0xB64FA04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSetSystemPowerState [0xB64FA186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSetValueKey [0xB651EE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwShutdownSystem [0xB64FA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwSystemDebugControl [0xB64FA1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)

ZwVdmControl [0xB64FA2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ZwCreateProcessEx [0xB6576398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)

ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 19A

804E49F4 4 Bytes JMP

D9A1B651
.text ntoskrnl.exe!ZwYieldExecution + 2F6

804E4B50 4 Bytes CALL

E41E01A6
.text ntoskrnl.exe!ZwYieldExecution + 3A6

804E4C00 4 Bytes [E8, D6, 51,

B6]
PAGE ntoskrnl.exe!ObInsertObject

8056DA64 5 Bytes JMP B65737F2

\SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC

805766FB 4 Bytes CALL

B64FB335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx

8058B9EC 7 Bytes JMP

B657639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject

805AD1E0 5 Bytes JMP

B6571D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST

Software)
.text win32k.sys!EngFreeUserMem + 674

BF809922 5 Bytes JMP

B64FDCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngDeleteSurface + 45

BF813911 5 Bytes JMP B64FDBAE

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B

BF824157 5 Bytes JMP B64FCF34

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C

BF828CE9 5 Bytes JMP

B64FDE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50

BF8316DA 5 Bytes JMP

B64FE014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2

BF83A37C 5 Bytes JMP

B64FDB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngCopyBits + 5F35

BF857E69 5 Bytes JMP B64FCFA4

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C

BF866FF4 5 Bytes JMP

B64FD180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517

BF86707F 5 Bytes JMP

B64FD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47

BF867AAF 5 Bytes JMP

B64FCE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC

BF86E664 5 Bytes JMP

B64FDBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7

BF871F85 5 Bytes JMP

B64FDF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngGetCurrentCodePage + 411E

BF88C9D8 5 Bytes JMP

B64FD2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngTextOut + 4149

BF8B0CBE 5 Bytes JMP B64FCE70

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF

BF8C26A3 5 Bytes JMP

B64FDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngStretchBltROP + 450

BF8C3048 5 Bytes JMP

B64FD03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngFillPath + 1517

BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517

BF8CB4AA 5 Bytes JMP B64FD0AE

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797

BF8CB72A 5 Bytes JMP B64FD0E8

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E

BF8ED1B7 5 Bytes JMP

B64FCD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST

Software)
.text win32k.sys!EngCreateClip + 19B2

BF913F1F 5 Bytes JMP B64FCEF0

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586

BF914AF3 5 Bytes JMP B64FD008

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5

BF917452 5 Bytes JMP B64FD440

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924

BF945FB0 5 Bytes JMP B64FDECA

\SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!LdrLoadDll

7C91632D 5 Bytes JMP

000901F8
.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!RtlDosSearchPath_U + 186

7C916865 1 Byte

[62]
.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!LdrUnloadDll

7C9171CD 5 Bytes JMP

000903FC
.text C:\WINDOWS\system32\spoolsv.exe[132] kernel32.dll!GetBinaryTypeW + 80

7C868D8C 1

Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!SetServiceObjectSecurity

77E36D81 5

Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfigA

77E36E69 5

Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfigW

77E37001 5

Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfig2A

77E37101 5

Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfig2W

77E37189 5

Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!CreateServiceA

77E37211 5 Bytes

JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!CreateServiceW

77E373A9 5 Bytes

JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!DeleteService

77E374B1 5 Bytes

broni · 2011/07/12

Make sure "word wrap" is disabled in Notepad because your GMER log (incomplete btw) is not readable.

Please, run this....

Please download Rootkit Unhooker from one of the following links and save it to your desktop.

Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.

Click the Report tab, then click Scan.

Check Drivers, Stealth, and uncheck the rest.

Click OK.

Wait until it's finished and then go to File > Save Report.

Save the report to your Desktop.

Copy and paste the contents of the report into your next reply.

-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay? ".

===================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:

On completion of the scan click "Save log ", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

Blue Star · 2011/07/13

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2265088 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2265088 bytes
0x804D7000 RAW 2265088 bytes
0x804D7000 WMIxWDM 2265088 bytes
0xBF087000 C:\WINDOWS\System32\ati3duag.dll 2256896 bytes (ATI Technologies Inc. , ati3duag.dll)
0xEECF7000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 2220032 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xEEBAC000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF73FC000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 909312 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF72DB000 C:\WINDOWS\system32\DRIVERS\smrt.sys 790528 bytes (Sony Corporation, Sony MPEG RealTime encoder board)
0xEEB05000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF7569000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xBF2AE000 C:\WINDOWS\System32\ativvaxx.dll 483328 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xF763F000 iaStor.sys 471040 bytes (Intel Corporation, Intel Application Accelerator driver)
0xB5824000 C:\WINDOWS\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0xB5908000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7107000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5A3B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB3D24000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xB58AD000 C:\WINDOWS\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0xBF324000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF04B000 C:\WINDOWS\System32\ati2cqag.dll 245760 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 233472 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xF718D000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xF7720000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB4137000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF753C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5978000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF73C0000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEECAB000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 163840 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB59C5000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF76CA000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB59ED000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB57C0000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xEECD3000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF739C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF72B8000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB59A3000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80700000 ACPI_HAL 134400 bytes
0x80700000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF761F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7299000 C:\WINDOWS\system32\DRIVERS\e1000325.sys 126976 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.1 deserialized driver)
0xF76F0000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7522000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF76B2000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB57A8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xB4449000 C:\WINDOWS\System32\Drivers\aswMon2.SYS 94208 bytes (AVAST Software, avast! File System Filter Driver for Windows XP)
0xF75F6000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB5AB8000 C:\WINDOWS\System32\Drivers\meiudf.sys 94208 bytes (Matsushita Electric Industrial Co.,Ltd., DVD-RAM UDF File System Driver)
0xF726E000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB418C000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF7285000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF73E8000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB5A94000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF760D000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF770F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF71BD000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xB5AA7000 C:\WINDOWS\System32\Drivers\Udfs.SYS 69632 bytes (Microsoft Corporation, UDF File System Driver)
0xB3EAF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF787F000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF785F000 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys 65536 bytes (Logitech, Inc., Logitech Filter Driver for Mouse Class.)
0xF780F000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xF777F000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF78AF000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xF798F000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF788F000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4371000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF79AF000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF778F000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xB3BCC000 C:\WINDOWS\system32\drivers\lvusbsta.sys 57344 bytes (Logitech Inc., USB Statistic Driver)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF783F000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF78EF000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF782F000 C:\WINDOWS\system32\DRIVERS\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF77AF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF784F000 C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys 49152 bytes (Logitech, Inc., Logitech PS/2 Mouse Filter Driver.)
0xF790F000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF78CF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF786F000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF779F000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF78FF000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF776F000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF796F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF792F000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF781F000 C:\WINDOWS\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xB2F71000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF77BF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF79CF000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF791F000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF78BF000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF77DF000 PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF789F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B0F000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7B57000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB2CBD000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7ACF000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7AEF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF7B3F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF79EF000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB2CAD000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF7A07000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF7B6F000 C:\WINDOWS\System32\Drivers\Aavmker4.SYS 24576 bytes (AVAST Software, avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP)
0xF7ADF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7AE7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF7A8F000 C:\WINDOWS\system32\drivers\symlcbrd.sys 24576 bytes (Symantec Corporation, Symantec Core Component)
0xF7AC7000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7B47000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7B5F000 C:\WINDOWS\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0xF7B2F000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF7A2F000 C:\WINDOWS\system32\drivers\LVPrcMon.sys 20480 bytes (-, -)
0xF7B4F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF79F7000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7AFF000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7B07000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF7AF7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7A87000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF74F6000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB4650000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB3579000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xB46CC000 C:\WINDOWS\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0xF7B7F000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xF717D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7C4F000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xB4188000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7C5B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7C33000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7CDF000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7C75000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xF7CAD000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7CDD000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7C73000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF7C6F000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7CE1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7CFB000 C:\WINDOWS\system32\drivers\MSPQM.sys 8192 bytes (Microsoft Corporation, MS Proxy Quality Manager)
0xF7CE3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7CBF000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7CCD000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7C71000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E5F000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7DCF000 C:\WINDOWS\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
0xF7E0C000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7DA4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7D37000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

Blue Star · 2011/07/13

doesn't indicate in the above report, but stealth scan said "nothing to report . "

Blue Star · 2011/07/13

First MBR log from 2 days ago....

aswMBR version 0.9.7.705 Copyright(c) 2011 AVAST Software
Run date: 2011-07-11 14:43:55
-----------------------------
14:43:55.634 OS Version: Windows 5.1.2600 Service Pack 3
14:43:55.634 Number of processors: 2 586 0x304
14:43:55.634 ComputerName: YOUR-13E050B673 UserName: Arwen
14:44:33.900 Initialize success
14:46:32.259 AVAST engine defs: 11071100
17:07:39.806 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17
17:07:39.806 Disk 0 Vendor: WDC_WD2000JD-98HBB0 08.02D08 Size: 190782MB BusType: 3
17:07:41.900 Disk 0 MBR read successfully
17:07:41.916 Disk 0 MBR scan
17:07:41.916 Disk 0 unknown MBR code
17:07:43.962 Disk 0 scanning sectors +390716865
17:07:44.134 Disk 0 scanning C:\WINDOWS\system32\drivers
17:22:43.712 Service scanning
17:23:01.603 Disk 0 trace - called modules:
17:23:01.666 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys
17:23:01.666 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8735aab8]
17:23:01.666 3 CLASSPNP.SYS[f77cffd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-17[0x87359b00]
17:23:11.025 AVAST engine scan C:\WINDOWS
22:11:13.103 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Donna\Desktop\MBR.dat "
22:11:15.197 The log file has been saved successfully to "C:\Documents and Settings\Donna\Desktop\aswMBR log.txt "

currently scanning with MBR again and will post that log when available..

Blue Star · 2011/07/13

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-07-11 14:30:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD2000JD-98HBB0 rev.08.02D08
Running: gmer.exe; Driver: C:\DOCUME~1\Donna\LOCALS~1\Temp\kglcqfoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB64FA202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6560D8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB651E6C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB64FC7F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB64FC848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB64FC95E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB651E075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB64FC746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB64FC898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB64FC79A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB64FC90C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB64FA226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB651ED87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB651F03D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB64FCBE2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB651EBF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB651EA5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6560E3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB64F9FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB64FA24A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB64FCD56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB64FACDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB64FC820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB64FC870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB64FC988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB651E3D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB64FC772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB64FCA1A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB64FC8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB64FC7C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB64FCAFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB64FC936]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6560ED4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB651E8D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB64FABA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB651E72A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB656910E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB651D6E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB64FA26E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB64FA292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB64FA04A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB64FA186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB651EE8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB64FA162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB64FA1AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB64FA2B6]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6576398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 19A 804E49F4 4 Bytes JMP D9A1B651
.text ntoskrnl.exe!ZwYieldExecution + 2F6 804E4B50 4 Bytes CALL E41E01A6
.text ntoskrnl.exe!ZwYieldExecution + 3A6 804E4C00 4 Bytes [E8, D6, 51, B6]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP B65737F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL B64FB335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP B657639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP B6571D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B64FDCA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B64FDBAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B64FCF34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B64FDE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B64FE014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B64FDB1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B64FCFA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B64FD180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B64FD326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B64FCE58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B64FDBD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B64FDF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B64FD2FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B64FCE70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B64FDD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B64FD03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 1 Byte [E9]
.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B64FD0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B64FD0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B64FCD8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B64FCEF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B64FD008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B64FD440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B64FDECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[132] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[132] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wscntfy.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[264] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[264] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[264] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[264] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D0600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[520] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe[584] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[612] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804

Blue Star · 2011/07/13

.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[612] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\smss.exe[680] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\csrss.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[752] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[776] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[776] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[776] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[820] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[820] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[820] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[832] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\Ati2evxx.exe[1012] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004C0804
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004C0A08
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004C0600
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004C01F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004C03FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004D1014
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004D0804
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004D0A08
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004D0C0C
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004D0E10
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004D01F8
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004D03FC
.text C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004D0600
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1204] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1316] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004C0804
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004C0A08
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004C0600
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004C01F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004C03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004D1014
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004D0804
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004D0A08
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004D0C0C
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004D0E10
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004D01F8
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004D03FC
.text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004D0600
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1484] USER32.dll!UnhookWinEvent

Blue Star · 2011/07/13

.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\SOUNDMAN.EXE[2676] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\SONY\sHotKey\sHotKey.exe[2768] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe[2788] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\MXOALDR.EXE[2804] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\MXOALDR.EXE[2804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\MXOALDR.EXE[2804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe[2848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe[2864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000801F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000803FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wdfmgr.exe[2888] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wdfmgr.exe[2888] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe[2932] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004A1014
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004A0804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004A0A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004A0C0C
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004A0E10
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004A01F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004A03FC
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004A0600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004B0804
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004B0A08
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004B0600
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004B01F8
.text C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004B03FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 005F0804
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 005F0A08
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 005F0600
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005F01F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005F03FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00601014
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00600804
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00600A08
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00600C0C
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00600E10
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 006001F8
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 006003FC
.text C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00600600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00501014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00500804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00500A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00500C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00500E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005001F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005003FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00500600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00510804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00510A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00510600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005103FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ntdll.dll!LdrUnloadDll

Blue Star · 2011/07/13

7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe[3144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3192] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00411014
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00410804
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00410A08
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00410C0C
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00410E10
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004101F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004103FC
.text C:\WINDOWS\system32\ctfmon.exe[3192] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00410600
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00420804
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00420A08
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00420600
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004201F8
.text C:\WINDOWS\system32\ctfmon.exe[3192] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004203FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003E1014
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003E0804
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003E0A08
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003E0E10
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003E01F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Messenger\msmsgs.exe[3208] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003E0600
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F0804
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F0600
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Messenger\msmsgs.exe[3208] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe[3252] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\RAMASST.exe[3292] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004C1014
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004C0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004C0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004C0C0C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004C0E10
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004C01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004C03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004C0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004D0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004D0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004D0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004D01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3380] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004D03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3424] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08

Blue Star · 2011/07/13

.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe[3700] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe[3740] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[3860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\System32\alg.exe[3860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\System32\alg.exe[3860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe[3880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\LVCOMSX.EXE[3912] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ElkCtrl.exe[4008] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003C0804
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003C0A08
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003C0600
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003C01F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003C03FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003D1014
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003D0804
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003D0A08
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003D0C0C
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003D0E10
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003D01F8
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003D03FC
.text C:\Program Files\Logitech\Video\CameraAssistant.exe[4016] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003D0600
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe[4060] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00380804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00380600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003801F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003803FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE[4076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[4084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\ehtray.exe[4084] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002E01F8

Blue Star · 2011/07/13

.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\ehome\ehtray.exe[4084] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002E0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004A0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004A0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004A0600
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004A01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004A03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004B1014
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 004B0804
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 004B0A08
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 004B0C0C
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 004B0E10
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 004B01F8
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 004B03FC
.text C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004B0600
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002A1014
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002A0804
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002A0A08
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002A0C0C
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002A0E10
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002A0600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [008F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [008F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [008F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\wscntfy.exe[228] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [008F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
IAT C:\WINDOWS\system32\services.exe[820] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\ImageMate CompactFlash USB\SandIcon.Exe[1024] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\MouseWare\system\em_exec.exe[1416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E52F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E52DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E52D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1472] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E52DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CF2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CF2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CF2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\ALCWZRD.EXE[1800] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CF2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00922F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00922DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00922D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[2324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00922DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009F2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009F2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009F2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[2612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009F2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[2940] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01852F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01852DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01852D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Hewlett-Packard\hp deskjet 9600 series\Toolbox\HPWITBX.exe[2952] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01852DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C92F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C92DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C92D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2984] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C92DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[3004] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3192] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B82F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B82DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B82D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[3208] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B82DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\RAMASST.exe[3292] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\WinZip\WZQKPICK.EXE[3380] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A22F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A22DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A22D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe[3436] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A22DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CE2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CE2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CE2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe[3644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CE2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe[4644] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Donna\Desktop\gmer.exe[5696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

Log in or Sign up

Inactive Extremely Slow Page Loading...

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

broni Moderator Malware Analyst

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Share This Page

Log in or Sign up

Inactive Extremely Slow Page Loading...

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

broni Moderator Malware Analyst

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Blue Star Well-Known Member Thread Starter

Share This Page

Useful Searches