GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-24 14:43:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST380011A rev.3.16
Running: gmer.exe; Driver: C:\DOCUME~1\KRISCH~1\LOCALS~1\Temp\kwlirkoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF454D9CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF45CAA68]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF456DAF5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF454FEAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF454FF04]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF455001A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF456D4A9]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF454FE02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF454FF54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF454FE56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF454FFC8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF454D9EE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF456E1BB]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF456E471]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF455029E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF456E026]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF456DE91]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF45CAB18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF454D7B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF454DA12]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF4550412]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF454E4AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF454FEDC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF454FF2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF4550044]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF456D805]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF454FE2E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF45500D6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF454FF94]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF454FE84]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF45501BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF454FFF2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF45CABB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF456DD0C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF454E370]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF456DB5E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF45D2E26]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF456CB1C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF454DA36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF454DA5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF454D812]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF454D94E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF456E2C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF454D92A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF454D972]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF454DA7E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF45DF8DE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + DA 804E4934 2 Bytes [F5, DA]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP F45DCD38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL F454EE25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058B9EC 7 Bytes JMP F45DF8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805AD1E0 5 Bytes JMP F45DB29E \SystemRoot\System32\Drivers\aswSP.SYS (avast!
self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003701D4 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003700E4 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00370120 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0037015C .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00370198 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00370030 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0037006C .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003700A8 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[188] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 3 Bytes JMP 003C01D4 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E36D85 1 Byte [88] .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003C00E4 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003C0120 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003C015C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003C0198 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003C0030 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003C006C .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003C00A8 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003D00E4 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003D0120 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003D00A8 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003D0030 .text C:\Program Files\Microsoft ActiveSync\wcescomm.exe[324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003D006C .text C:\Program Files\DNA\btdna.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program 
Files\DNA\btdna.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\DNA\btdna.exe[336] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\DNA\btdna.exe[336] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\DNA\btdna.exe[336] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\DNA\btdna.exe[336] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\DNA\btdna.exe[336] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\DNA\btdna.exe[336] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program 
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E600E4 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00E60120 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00E600A8 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00E60030 .text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[344] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00E6006C .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002D01D4 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] 
ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002D00E4 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002D0120 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002D015C .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002D0198 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002D0030 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002D006C .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002D00A8 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002E00E4 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002E0120 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002E00A8 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002E0030 .text C:\Program Files\Windows Media Player\WMPNSCFG.exe[356] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002E006C .text C:\Program Files\Common Files\efax\HotTray.exe[376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Common Files\efax\HotTray.exe[376] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Common Files\efax\HotTray.exe[376] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Common Files\efax\HotTray.exe[376] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program 
Files\Common Files\efax\HotTray.exe[376] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Common Files\efax\HotTray.exe[376] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Common Files\efax\HotTray.exe[376] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\iPod\bin\iPodService.exe[516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\iPod\bin\iPodService.exe[516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program 
Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\iPod\bin\iPodService.exe[516] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\iPod\bin\iPodService.exe[516] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\iPod\bin\iPodService.exe[516] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\iPod\bin\iPodService.exe[516] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\iPod\bin\iPodService.exe[516] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\iPod\bin\iPodService.exe[516] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] USER32.dll!SetWindowsHookExW 7E42820F 5 
Bytes JMP 003B00E4 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030 .text C:\PROGRA~1\MICROS~3\rapimgr.exe[544] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program 
Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe[564] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00070030 .text C:\WINDOWS\system32\winlogon.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0007006C .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\winlogon.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\winlogon.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\winlogon.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\winlogon.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\winlogon.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\winlogon.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes 
JMP 00090030 .text C:\WINDOWS\system32\services.exe[804] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\services.exe[804] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\services.exe[804] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\lsass.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text 
C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\lsass.exe[816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\lsass.exe[816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F01D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F00E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0120 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F015C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0198 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F0030 
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F00A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004400E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00440120 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004400A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00440030 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!UnhookWinEvent 7E4318AC 3 Bytes JMP 0044006C .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[884] USER32.dll!UnhookWinEvent + 4 7E4318B0 1 Byte [82] .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes 
JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] user32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] user32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] user32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] user32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Common Files\efax\Dllcmd32.exe[1032] user32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text 
C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 006500E4 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00650120 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 006500A8 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00650030 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0065006C .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 006601D4 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] 
ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 006600E4 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00660120 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0066015C .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00660198 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00660030 .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0066006C .text C:\Program Files\Caere\PageKeeper30\system\PKJobs.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 006600A8 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] 
ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\Kari's Zips\WinZip\WZQKPICK.EXE[1140] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\Documents and Settings\Kris Christianson\desktop\gmer.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Documents and Settings\Kris Christianson\desktop\gmer.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F01D4 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F00E4 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0120 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F015C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0198 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F0030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F006C .text 
C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F00A8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9B01 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD125 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254664 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004A00A8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004A0030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004A006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft 
Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBB8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E547F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4 .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120 .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8 .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030 .text C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe[1172] 
USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\svchost.exe[1180] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigA 
77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] 
USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKSlapi.exe[1384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1432] 
ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1432] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program 
Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Caere\PageKeeper30\SYSTEM\PKTOPASS.EXE[1460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1572] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\WINDOWS\Explorer.EXE[1728] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\Explorer.EXE[1728] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120 .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198 .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030 .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C .text C:\WINDOWS\Explorer.EXE[1728] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\Explorer.EXE[1728] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4 .text C:\WINDOWS\Explorer.EXE[1728] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120 .text C:\WINDOWS\Explorer.EXE[1728] USER32.dll!SetWindowsHookExA 
7E431211 5 Bytes JMP 002D00A8 .text C:\WINDOWS\Explorer.EXE[1728] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030 .text C:\WINDOWS\Explorer.EXE[1728] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F01D4 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F00E4 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0120 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F015C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0198 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F0030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F00A8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154BD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 004A00E4 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB5C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] 
USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 004A0120 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 004A00A8 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 004A0030 .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 004A006C .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5117 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E5049 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E50B4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4F1A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4F7C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E517A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1752] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4FDE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text 
C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030 .text C:\Program Files\Java\jre6\bin\jucheck.exe[1832] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120 .text 
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[1864] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120 .text C:\Program 
Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B00E4 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0120 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B00A8 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B0030 .text C:\Program Files\Java\jre6\bin\jusched.exe[1908] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B006C .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] 
ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\iTunes\iTunesHelper.exe[2028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\iTunes\iTunesHelper.exe[2028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\WINDOWS\system32\ctfmon.exe[2044] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030 .text C:\WINDOWS\system32\ctfmon.exe[2044] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198 .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\ctfmon.exe[2044] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\ctfmon.exe[2044] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4 .text 
C:\WINDOWS\system32\ctfmon.exe[2044] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120 .text C:\WINDOWS\system32\ctfmon.exe[2044] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8 .text C:\WINDOWS\system32\ctfmon.exe[2044] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030 .text C:\WINDOWS\system32\ctfmon.exe[2044] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C .text C:\WINDOWS\system32\wuauclt.exe[2136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A0030 .text C:\WINDOWS\system32\wuauclt.exe[2136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A006C .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198 .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\wuauclt.exe[2136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\wuauclt.exe[2136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4 .text C:\WINDOWS\system32\wuauclt.exe[2136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120 .text C:\WINDOWS\system32\wuauclt.exe[2136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8 .text C:\WINDOWS\system32\wuauclt.exe[2136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030 .text C:\WINDOWS\system32\wuauclt.exe[2136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C .text C:\WINDOWS\system32\spoolsv.exe[2216] 
ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\spoolsv.exe[2216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\spoolsv.exe[2216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\spoolsv.exe[2216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\spoolsv.exe[2216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\spoolsv.exe[2216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\spoolsv.exe[2216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\spoolsv.exe[2216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\WINDOWS\explorer.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\explorer.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120 .text 
C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198 .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030 .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C .text C:\WINDOWS\explorer.exe[2256] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\explorer.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D00E4 .text C:\WINDOWS\explorer.exe[2256] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0120 .text C:\WINDOWS\explorer.exe[2256] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D00A8 .text C:\WINDOWS\explorer.exe[2256] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D0030 .text C:\WINDOWS\explorer.exe[2256] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D006C .text C:\WINDOWS\System32\alg.exe[2484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\alg.exe[2484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\alg.exe[2484] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B00E4 .text C:\WINDOWS\System32\alg.exe[2484] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\alg.exe[2484] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\alg.exe[2484] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\alg.exe[2484] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\alg.exe[2484] 
ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C015C .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0198 .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C006C .text C:\WINDOWS\System32\alg.exe[2484] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[2572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[2572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[2572] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[2572] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[2572] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[2572] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[2572] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[2572] USER32.dll!UnhookWinEvent 7E4318AC 5 
Bytes JMP 002C006C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\Common Files\Apple\Mobile Device 
Support\AppleMobileDeviceService.exe[2608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] USER32.dll!SetWinEventHook 
7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\Bonjour\mDNSResponder.exe[2636] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\WINDOWS\system32\svchost.exe[2976] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[2976] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[2976] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[2976] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[2976] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[2976] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[2976] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[2976] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] 
ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[3000] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\WINDOWS\System32\svchost.exe[3064] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[3064] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text 
C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\svchost.exe[3064] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\svchost.exe[3064] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\System32\svchost.exe[3064] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\svchost.exe[3064] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\System32\svchost.exe[3064] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\svchost.exe[3064] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] 
ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A00E4 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0120 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A00A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A0030 .text C:\Program Files\Java\jre6\bin\jqs.exe[3232] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A006C .text C:\WINDOWS\System32\svchost.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[3388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\svchost.exe[3388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\svchost.exe[3388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text 
C:\WINDOWS\System32\svchost.exe[3388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\svchost.exe[3388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\System32\svchost.exe[3388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\svchost.exe[3388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\nvsvc32.exe[3448] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\nvsvc32.exe[3448] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\nvsvc32.exe[3448] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00380120 .text C:\WINDOWS\system32\nvsvc32.exe[3448] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\nvsvc32.exe[3448] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\nvsvc32.exe[3448] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003901D4 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390120 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0039015C .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390198 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00390030 .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0039006C .text C:\WINDOWS\system32\nvsvc32.exe[3448] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003900A8 .text C:\Program Files\HP\Digital 
Imaging\bin\hpqgpc01.exe[3508] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00150030 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0015006C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A01D4 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A00E4 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0120 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A015C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0198 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A0030 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A006C .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[3508] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A00A8 .text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[3712] ntdll.dll!LdrUnloadDll 
7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0198 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\svchost.exe[3712] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\svchost.exe[3712] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 
Bytes JMP 00380120 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030 .text C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe[3744] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C .text C:\WINDOWS\system32\svchost.exe[3860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[3860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 
002B0198 .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[3860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[3860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[3860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[3860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[3860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[3860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C006C .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00160030 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0016006C .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003F00E4 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003F0120 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003F00A8 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003F0030 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003F006C .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 004101D4 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes 
JMP 004100E4 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00410120 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0041015C .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00410198 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00410030 .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0041006C .text C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe[3884] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 004100A8 .text C:\WINDOWS\system32\fxssvc.exe[4004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00140030 .text C:\WINDOWS\system32\fxssvc.exe[4004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0014006C .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003801D4 .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003800E4 .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380120 .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 0038015C .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380198 .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00380030 .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 0038006C .text C:\WINDOWS\system32\fxssvc.exe[4004] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003800A8 .text C:\WINDOWS\system32\fxssvc.exe[4004] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003900E4 .text C:\WINDOWS\system32\fxssvc.exe[4004] 
USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390120
.text C:\WINDOWS\system32\fxssvc.exe[4004] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003900A8
.text C:\WINDOWS\system32\fxssvc.exe[4004] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00390030
.text C:\WINDOWS\system32\fxssvc.exe[4004] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 0039006C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[804] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1164] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device EFD24D20
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.imaadpcm imaadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msadpcm msadp32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg711 msg711.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msgsm610 msgsm32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.trspch tssoft32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.cvid iccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.I420 msh263.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv31 ir32_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv32 ir32_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv41 ir41_32.ax
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.IYUV iyuv_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.mrle msrle32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.msvc msvidc32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.UYVY msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YUY2 msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVU9 tsbyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@VIDC.YVYU msyuv.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msg723 msg723.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M263 msh263.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.M261 msh261.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.msaudio1 msaud32.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.sl_anet sl_anet.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.iv50 ir50_32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.l3acm C:\WINDOWS\system32\l3codecp.acm
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@vidc.tscc tsccvid.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@aux2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave2 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@wave1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@midi1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@mixer1 wdmaud.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@msacm.siren sirenacm.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32@MSVideo8 VfWWDM32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wave rdpsnd.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@mixer rdpsnd.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@MaxBandwidth 22201
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@wavemapper msacm32.drv
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@EnableMP3Codec 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\Terminal Server\RDP@midimapper midimap.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@NoPopUpsOnBoot 1

---- Files - GMER 1.0.15 ----

File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG 1024 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 180 bytes

---- EOF - GMER 1.0.15 ----