Hi mailprog,
The redirect issue seems to have got eliminated. Thank you for all your help. A few observations: I looked over the malware prevention guidelines on this site, and followed them as advised- installed ERUNT, SpywareBlaster, MalwareBytes Anti-Malware, SpywareGuard, Avast! and Online Armor. I also set up the system for automatic updates for Windows updates. As a result, the PC has now got updated to XP Service Pack 3. However, there was one recommended application which is not running: SystemRestorePoint - so not sure I can make clean restore points. I will try it again now and see what the error is.
Please find the GMER log below:
---------
GMER 1.0.15.15640 -
http://www.gmer.net
Rootkit scan 2011-06-22 19:17:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-7 SAMSUNG_SP2004C rev.VM100-33
Running: vmbjz51r.exe; Driver: C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\kwldipow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF16B4202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF171ACB2]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwAssignProcessToJobObject [0xF17CE928]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF16D86C1]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwConnectPort [0xF17CD64C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF16B681C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF16B6874]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateFile [0xF17D4316]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF16B698A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF16D8075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF16B6772]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreatePort [0xF17CD46A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcess [0xF17CEEE8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateProcessEx [0xF17CB978]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF16B68C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF16B67C6]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwCreateThread [0xF17CC634]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF16B6938]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwDebugActiveProcess [0xF17CCD22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF16B4226]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF18B3398]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF16D8D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF16D903D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF16B6C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF16D8BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF16D8A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF171AD62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF16B3FF0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF18D393C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF18D3B44]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF16B424A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF16B6D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF16B4CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF16B684C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF16B689C]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwOpenFile [0xF17D4694]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF16B69B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF16D83D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF16B679E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF16B6A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF16B6904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF16B67F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF16B6B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF16B6962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF171ADFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF16D88D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF16B4BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF16D872A]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwQueueApcThread [0xF17CEA44]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF1723E48]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF18D4208]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestPort [0xF17CDCB0]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwRequestWaitReplyPort [0xF17CE018]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF16D76E8]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwResumeThread [0xF17CD0CE]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSecureConnectPort [0xF17CD86E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF16B426E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF16B4292]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSetContextThread [0xF17CCBCC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF18B375C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xF18D4E12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF16B404A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF16B4186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF16D8E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF16B4162]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendProcess [0xF17CD1FE]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwSuspendThread [0xF17CCF7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF16B41AA]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateProcess [0xF17CC472]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwTerminateThread [0xF17CCA66]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwUnloadDriver [0xF17CE518]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF16B42B6]
SSDT \??\C:\WINDOWS\system32\drivers\OADriver.sys ZwWriteVirtualMemory [0xF17CE804]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + C2 804E48EC 4 Bytes JMP CF033A6D
.text ntoskrnl.exe!ZwYieldExecution + 102 804E492C 16 Bytes [1C, 68, 6B, F1, 74, 68, 6B, ...] {SBB AL, 0x68; IMUL ESI, ECX, 0x74; PUSH 0x4316f16b; JGE 0xfffffffffffffffd; MOV CH, [ECX+0x6b]; INT1 }
.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4958 12 Bytes CALL F93FC64B
.text ntoskrnl.exe!ZwYieldExecution + 16A 804E4994 12 Bytes [26, 42, 6B, F1, 98, 33, 8B, ...]
.text ntoskrnl.exe!ZwYieldExecution + 23E 804E4A68 16 Bytes [4C, 68, 6B, F1, 9C, 68, 6B, ...]
.text ...
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F172DD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 80575B10 4 Bytes CALL F16B5335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E6A62 5 Bytes JMP F172C2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP F16B7CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP F16B7BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP F16B6E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP F16B6F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP F16B7E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP F16B7B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP F16B8040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP F16B6FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP F16B6E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP F16B7F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP F16B7D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP F16B7C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP F16B732A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP F16B71AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP F16B7352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP F16B706A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP F16B6DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP F16B70DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP F16B7114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP F16B6F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP F16B7034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP F16B746C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP F16B7EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\smss.exe[512] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[576] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[604] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[604] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[604] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[648] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[648] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[648] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[660] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[660] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[660] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A40804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A40A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A40600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A401F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A403FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A51014
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A50804
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A50A08
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A50C0C
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A50E10
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A501F8
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A503FC
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A50600
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[748] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[752] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[752] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[812] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[812] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[880] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A30804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A30A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A30600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A301F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A303FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A41014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A40804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A40A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A40C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A40E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A401F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A403FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A40600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[896] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchService.exe[948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1036] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1036] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1064] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1064] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAcat.exe[1160] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\Program Files\Online Armor\OAcat.exe[1160] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAcat.exe[1160] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\oasrv.exe[1184] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Online Armor\oasrv.exe[1184] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text C:\Program Files\Online Armor\oasrv.exe[1184] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[1220] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[1220] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[1712] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\spoolsv.exe[1712] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1792] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehRecvr.exe[1900] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 003A1014
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 003A0C0C
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 003A0E10
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003A03FC
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
.text C:\Program Files\Tablet\Pen\Pen_TouchUser.exe[1904] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00930001
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 017D0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 017D0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 017D0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 017D01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 017D03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 00D5C334 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 017E1014
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 017E0804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 017E0A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 017E0C0C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 017E0E10
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 017E01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 017E03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 017E0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1920] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1924] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1956] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1984] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehSched.exe[1984] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 01B70804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 01B70A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 01B70600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 01B701F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 01B703FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 01B81014
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 01B80804
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 01B80A08
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 01B80C0C
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 01B80E10
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 01B801F8
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 01B803FC
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 01B80600
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A50804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A50A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A50600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A501F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A503FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A61014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A60804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A60A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A60C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A60E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A601F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A603FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A60600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE[2112] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[2116] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00990804
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00990A08
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00990600
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009901F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009903FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 009A1014
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 009A0804
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 009A0A08
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 009A0C0C
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 009A0E10
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009A01F8
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009A03FC
.text C:\WINDOWS\ehome\ehtray.exe[2116] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 009A0600
.text C:\WINDOWS\ehome\ehtray.exe[2116] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\ehome\ehtray.exe[2116] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\eHome\ehmsas.exe[2268] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\vmbjz51r.exe[2348] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\vmbjz51r.exe[2348] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AB0001
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\vmbjz51r.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\vmbjz51r.exe[2348] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\vmbjz51r.exe[2348] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\vmbjz51r.exe[2348] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\vmbjz51r.exe[2348] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\vmbjz51r.exe[2348] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 717E0F5A
.text C:\vmbjz51r.exe[2348] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 717B0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\vmbjz51r.exe[2348] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\vmbjz51r.exe[2348] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\vmbjz51r.exe[2348] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\vmbjz51r.exe[2348] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A30804
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A30A08
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A30600
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A301F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A303FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A41014
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A40804
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A40A08
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A40C0C
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A40E10
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A401F8
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A403FC
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A40600
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Microsoft Office\Office\OSA.EXE[2356] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00381014
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00380804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00380A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00380C0C
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00380E10
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003801F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003803FC
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00380600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B00001
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 019B0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 019B0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 019B0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 019B01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 019B03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 019C1014
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 019C0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 019C0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 019C0C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 019C0E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 019C01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 019C03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 019C0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 10012420 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 71540F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!select 71AB30A8 6 Bytes JMP 71510F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 100123AA C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 714E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 100122D1 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!bind 71AB4480 5 Bytes JMP 1001225B C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10012334 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71570F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 71440F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 100123D4 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!recv 71AB676F 6 Bytes JMP 71480F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71410F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 1001246E C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 714B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 10012369 C:\WINDOWS\system32\ativvaxx32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 713B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2428] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [6B, 71]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00820001
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71720F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [83, 71]
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00980804
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00980A08
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00980600
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009801F8
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009803FC
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71870F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71780F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\Explorer.EXE[2476] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 717E0F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00991014
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00990804
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00990A08
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00990C0C
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00990E10
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009901F8
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009903FC
.text C:\WINDOWS\Explorer.EXE[2476] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00990600
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!sendto 71AB2F51 6 Bytes JMP 715D0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!select 71AB30A8 6 Bytes JMP 715A0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!closesocket 71AB3E2B 6 Bytes JMP 71690F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!ioctlsocket 71AB3F50 6 Bytes JMP 71570F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71660F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!send 71AB4C27 6 Bytes JMP 71600F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSARecv 71AB4CB5 6 Bytes JMP 714B0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!recv 71AB676F 6 Bytes JMP 714F0F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSASend 71AB68FA 6 Bytes JMP 71480F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSAAsyncSelect 71AC0991 6 Bytes JMP 71540F5A
.text C:\WINDOWS\Explorer.EXE[2476] WS2_32.dll!WSAGetOverlappedResult 71AC0D1B 6 Bytes JMP 71420F5A
.text C:\WINDOWS\Explorer.EXE[2476] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71750F5A
.text C:\WINDOWS\Explorer.EXE[2476] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2524] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2680] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2680] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2680] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2732] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2764] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[2764] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[2764] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[2764] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A50804
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A50A08
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A50600
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A501F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A503FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A61014
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A60804
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A60A08
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A60C0C
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A60E10
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A601F8
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A603FC
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A60600
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe[2796] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 717E0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 717B0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2832] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_Tablet.exe[2848] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000801F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000803FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002D1014
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002D0804
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002D0A08
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002D0C0C
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002D0E10
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002D01F8
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002D03FC
.text C:\WINDOWS\ehome\mcrdsvc.exe[3048] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3076] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00940001
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00970804
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00970A08
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00970600
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 009701F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 009703FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00981014
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00980804
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00980A08
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00980C0C
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00980E10
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 009801F8
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 009803FC
.text C:\WINDOWS\system32\ctfmon.exe[3076] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00980600
.text C:\WINDOWS\system32\ctfmon.exe[3076] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3076] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAui.exe[3144] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Online Armor\OAui.exe[3144] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\Online Armor\OAui.exe[3144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\OAui.exe[3144] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\OAui.exe[3144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[3292] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00A80804
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00A80A08
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00A80600
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00A801F8
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00A803FC
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00A91014
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00A90804
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00A90A08
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00A90C0C
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00A90E10
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00A901F8
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00A903FC
.text C:\Program Files\QuickTime\qttask.exe[3292] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00A90600
.text C:\Program Files\QuickTime\qttask.exe[3292] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\QuickTime\qttask.exe[3292] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A00001
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00DB0804
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00DB0A08
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00DB0600
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00DB01F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00DB03FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00DC1014
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00DC0804
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00DC0A08
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00DC0C0C
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00DC0E10
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00DC01F8
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00DC03FC
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00DC0600
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe[3356] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AD1014
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AD0804
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AD0A08
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AD0C0C
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AD0E10
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AD01F8
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AD03FC
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AD0600
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe[3372] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Tablet\Pen\Pen_TabletUser.exe[3400] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\wscntfy.exe[3448] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3448] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AE0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AE0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AE0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AE01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AE03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AF1014
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AF0804
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AF0A08
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AF0C0C
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AF0E10
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AF01F8
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AF03FC
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AF0600
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[3500] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Online Armor\OAhlp.exe[3656] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\Online Armor\OAhlp.exe[3656] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\Program Files\Online Armor\OAhlp.exe[3656] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00391014
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00390804
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00390A08
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00390C0C
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00390E10
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!CreateServiceA 77E371E9 5 Bytes JMP 003901F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!CreateServiceW 77E37381 5 Bytes JMP 003903FC
.text C:\Program Files\Online Armor\OAhlp.exe[3656] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00390600
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!LoadStringW 7E419E36 6 Bytes JMP 71A50F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!LoadStringA 7E42C908 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\Online Armor\OAhlp.exe[3656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3892] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\dllhost.exe[3892] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\dllhost.exe[3892] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\dllhost.exe[3892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [65, 71]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A80001
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 716C0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 718A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71690F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 718D0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AC0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AC0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AC0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AC01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AC03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71810F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 71750F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71720F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 717B0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 71780F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00AD1014
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00AD0804
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00AD0A08
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00AD0C0C
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00AD0E10
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00AD01F8
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00AD03FC
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00AD0600
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 716F0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3948] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtCreateSymbolicLinkObject 7C90D180 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtCreateSymbolicLinkObject + 4 7C90D184 2 Bytes [5C, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6D4 2 Bytes [56, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [50, 71]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 715A0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B80001
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 71630F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 71540F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 71A20F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 71A50F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CloseHandle 7C809BD7 6 Bytes JMP 71810F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!LoadLibraryW 7C80AEDB 6 Bytes JMP 71600F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!CreateFileW 7C8107F0 6 Bytes JMP 71840F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!RegisterHotKey 7E41EBB3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!RegisterHotKey + 4 7E41EBB7 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00BC0804
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00BC0A08
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00BC0600
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00BC01F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00BC03FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!ExitWindowsEx 7E45A275 6 Bytes JMP 719F0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] user32.dll!DdeClientTransaction 7E46A6A2 6 Bytes JMP 71780F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!DeleteDC 77F16E5F 6 Bytes JMP 716C0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!BitBlt 77F16F79 6 Bytes JMP 71690F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!CreateDCA 77F1B7C2 6 Bytes JMP 71720F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] GDI32.dll!CreateDCW 77F1BE28 6 Bytes JMP 716F0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownW 77E34C29 6 Bytes JMP 71990F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownExW 77E34CBD 6 Bytes JMP 71930F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownA 77E34D57 6 Bytes JMP 719C0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!InitiateSystemShutdownExA 77E34DF2 6 Bytes JMP 71960F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 00BD1014
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 00BD0804
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 00BD0A08
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 00BD0C0C
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 00BD0E10
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!CreateServiceA 77E371E9 6 Bytes JMP 00BD01F8
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!CreateServiceW 77E37381 6 Bytes JMP 00BD03FC
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] advapi32.dll!DeleteService 77E37489 5 Bytes JMP 00BD0600
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 718A0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoCreateInstance 7750057E 6 Bytes JMP 718D0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 71870F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] WS2_32.dll!socket 71AB4211 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] NETAPI32.dll!NetScheduleJobAdd 5B898005 6 Bytes JMP 71660F5A
.text C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe[3992] IPHLPAPI.DLL!IcmpSendEcho2 76D6B73C 6 Bytes JMP 71900F5A
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4008] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[4008] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[4008] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!SetServiceObjectSecurity 77E36D59 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfig2A 77E370D9 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!ChangeServiceConfig2W 77E37161 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!CreateServiceA 77E371E9 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!CreateServiceW 77E37381 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[4008] ADVAPI32.dll!DeleteService 77E37489 5 Bytes JMP 002C0600
---- Kernel IAT/EAT - GMER 1.0.15 ----
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7AF8F50] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F189B3C4] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F7AF8F10] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7AF8F50] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7AF8EB0] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7AF8F80] \??\C:\WINDOWS\system32\drivers\OAnet.sys (OA Helper Driver/Emsisoft)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F18B42AA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F18B460C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F18B3D40] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F18B441C] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[648] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!LoadLibraryExA] [00A6AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!AnimateWindow] [00A69D87] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenuEx] [00A69B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcA] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColor] [00A69C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!DefWindowProcW] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetSysColorBrush] [00A69CF2] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TrackPopupMenu] [00A69B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [00A69CEC] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00A6AE29] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00A6AE77] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00A6ADE9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00A6A3BA] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00A69C27] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [00A69B56] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [00A69B94] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] [00A6ADA9] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
IAT C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe[2108] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] [00A6A7A3] C:\PROGRA~1\Yahoo!\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Ip OAmon.sys (TDI Helper Driver/Emsisoft)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 arkbcfltr.sys (Microsoft AR PS/2 Keyboard Filter Driver (Beta 2 Release 2)/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp OAmon.sys (TDI Helper Driver/Emsisoft)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST OAmon.sys (TDI Helper Driver/Emsisoft)
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
---- EOF - GMER 1.0.15 ----