GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 18:50:39
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Brabi\LOCALS~1\Temp\pwncifoc.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwClose [0xA8AE16B8]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwCreateFile [0xA8E49868]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwCreateKey [0xA8AE1574]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwCreateProcess [0xA8E48E90]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwCreateProcessEx [0xA8E48D9C]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwCreateThread [0xA8E493FC]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwDeleteFile [0xA8E4A210]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwDeleteKey [0xA8E46786]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwDeleteValueKey [0xA8AE1A52]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwDuplicateObject [0xA8AE114C]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.)     ZwLoadDriver [0xBAA3A01C]
SSDT            \SystemRoot\system32\drivers\sbhips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software, Inc.)     ZwMapViewOfSection [0xBAA3A168]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwOpenFile [0xA8E49B54]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwOpenKey [0xA8AE164E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwOpenProcess [0xA8AE108C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwOpenThread [0xA8AE10F0]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwQueryValueKey [0xA8AE176E]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwRestoreKey [0xA8AE172E]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwResumeThread [0xA8E494EC]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwSetInformationFile [0xA8E49E8C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                                           ZwSetValueKey [0xA8AE18AE]
SSDT            \SystemRoot\system32\drivers\SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)                                 ZwWriteFile [0xA8E49DE0]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!VirtualProtectEx                                             7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!VirtualProtect                                               7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!WriteProcessMemory                                           7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateProcessW                                               7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateProcessA                                               7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!VirtualAlloc                                                 7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!VirtualAllocEx                                               7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateRemoteThread                                           7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateThread                                                 7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateProcessInternalW                                       7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!CreateProcessInternalA                                       7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!WinExec                                                      7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] kernel32.dll!SetThreadContext                                             7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetConnectA                                              40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetConnectW                                              40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetOpenA                                                 40C2D690 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetOpenW                                                 40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetOpenUrlA                                              40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] WININET.dll!InternetOpenUrlW                                              40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!VirtualProtectEx                                                     7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!VirtualProtect                                                       7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!WriteProcessMemory                                                   7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateProcessW                                                       7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateProcessA                                                       7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!VirtualAlloc                                                         7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!VirtualAllocEx                                                       7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateRemoteThread                                                   7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateThread                                                         7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateProcessInternalW                                               7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!CreateProcessInternalA                                               7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!WinExec                                                              7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] kernel32.dll!SetThreadContext                                                     7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] USER32.dll!SetWindowsHookExW                                                      7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] USER32.dll!SetWindowsHookExA                                                      7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] WS2_32.dll!socket                                                                 71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] WS2_32.dll!bind                                                                   71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Tclock_2_2_9\TClock.exe[504] WS2_32.dll!connect                                                                71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!VirtualProtectEx                                          7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!VirtualProtect                                            7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!WriteProcessMemory                                        7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateProcessW                                            7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateProcessA                                            7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!VirtualAlloc                                              7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!VirtualAllocEx                                            7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateRemoteThread                                        7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateThread                                              7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateProcessInternalW                                    7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!CreateProcessInternalA                                    7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!WinExec                                                   7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] kernel32.dll!SetThreadContext                                          7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] USER32.dll!SetWindowsHookExW                                           7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] USER32.dll!SetWindowsHookExA                                           7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] WS2_32.dll!socket                                                      71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] WS2_32.dll!bind                                                        71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[532] WS2_32.dll!connect                                                     71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!VirtualProtectEx                                           7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!VirtualProtect                                             7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!WriteProcessMemory                                         7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateProcessW                                             7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateProcessA                                             7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!VirtualAlloc                                               7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!VirtualAllocEx                                             7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateRemoteThread                                         7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateThread                                               7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateProcessInternalW                                     7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!CreateProcessInternalA                                     7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!WinExec                                                    7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] kernel32.dll!SetThreadContext                                           7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] USER32.dll!SetWindowsHookExW                                            7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] USER32.dll!SetWindowsHookExA                                            7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] WS2_32.dll!socket                                                       71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] WS2_32.dll!bind                                                         71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast4\ashServ.exe[584] WS2_32.dll!connect                                                      71A94A07 5 Bytes  JMP 00130950 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!VirtualProtectEx                                                              7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!VirtualProtect                                                                7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!WriteProcessMemory                                                            7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateProcessW                                                                7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateProcessA                                                                7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!VirtualAlloc                                                                  7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!VirtualAllocEx                                                                7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateRemoteThread                                                            7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateThread                                                                  7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateProcessInternalW                                                        7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!CreateProcessInternalA                                                        7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!WinExec                                                                       7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\spoolsv.exe[704] kernel32.dll!SetThreadContext                                                              7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\spoolsv.exe[704] USER32.dll!SetWindowsHookExW                                                               7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\spoolsv.exe[704] USER32.dll!SetWindowsHookExA                                                               7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\spoolsv.exe[704] WS2_32.dll!socket                                                                          71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\spoolsv.exe[704] WS2_32.dll!bind                                                                            71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\spoolsv.exe[704] WS2_32.dll!connect                                                                         71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1004] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1004] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetConnectA                                                              40C1DEAE 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetConnectW                                                              40C1F862 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenA                                                                 40C2D690 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenW                                                                 40C2DB09 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenUrlA                                                              40C2F3A4 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\system32\svchost.exe[1004] WININET.dll!InternetOpenUrlW                                                              40C76DDF 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1004] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!VirtualProtectEx                                                                     7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!VirtualProtect                                                                       7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!WriteProcessMemory                                                                   7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessW                                                                       7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessA                                                                       7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!VirtualAlloc                                                                         7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!VirtualAllocEx                                                                       7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateRemoteThread                                                                   7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateThread                                                                         7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessInternalW                                                               7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!CreateProcessInternalA                                                               7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!WinExec                                                                              7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\Explorer.EXE[1040] kernel32.dll!SetThreadContext                                                                     7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\Explorer.EXE[1040] USER32.dll!SetWindowsHookExW                                                                      7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\Explorer.EXE[1040] USER32.dll!SetWindowsHookExA                                                                      7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetConnectA                                                                      40C1DEAE 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetConnectW                                                                      40C1F862 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetOpenA                                                                         40C2D690 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetOpenW                                                                         40C2DB09 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetOpenUrlA                                                                      40C2F3A4 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\Explorer.EXE[1040] WININET.dll!InternetOpenUrlW                                                                      40C76DDF 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!socket                                                                                 71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!bind                                                                                   71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\Explorer.EXE[1040] WS2_32.dll!connect                                                                                71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!VirtualProtectEx                        7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!VirtualProtect                          7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!WriteProcessMemory                      7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateProcessW                          7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateProcessA                          7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!VirtualAlloc                            7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!VirtualAllocEx                          7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateRemoteThread                      7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateThread                            7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateProcessInternalW                  7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!CreateProcessInternalA                  7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!WinExec                                 7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] kernel32.dll!SetThreadContext                        7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] USER32.dll!SetWindowsHookExW                         7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe[1244] USER32.dll!SetWindowsHookExA                         7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!VirtualProtectEx                                                               7C801A61 5 Bytes  JMP 001601A8 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!VirtualProtect                                                                 7C801AD4 5 Bytes  JMP 00160090 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!WriteProcessMemory                                                             7C802213 5 Bytes  JMP 00160694 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateProcessW                                                                 7C802336 5 Bytes  JMP 001602C0 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateProcessA                                                                 7C80236B 5 Bytes  JMP 00160234 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!VirtualAlloc                                                                   7C809AF1 5 Bytes  JMP 00160004 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!VirtualAllocEx                                                                 7C809B12 5 Bytes  JMP 0016011C 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateRemoteThread                                                             7C8104CC 5 Bytes  JMP 001604F0 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateThread                                                                   7C8106D7 5 Bytes  JMP 0016057C 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateProcessInternalW                                                         7C8197B0 5 Bytes  JMP 001603D8 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!CreateProcessInternalA                                                         7C81D54E 5 Bytes  JMP 0016034C 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!WinExec                                                                        7C86250D 5 Bytes  JMP 00160464 
.text           C:\WINDOWS\system32\csrss.exe[1260] KERNEL32.dll!SetThreadContext                                                               7C863C09 5 Bytes  JMP 00160608 
.text           C:\WINDOWS\system32\csrss.exe[1260] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 001607AC 
.text           C:\WINDOWS\system32\csrss.exe[1260] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 00160720 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!VirtualProtectEx                                                            7C801A61 5 Bytes  JMP 000701A8 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!VirtualProtect                                                              7C801AD4 5 Bytes  JMP 00070090 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!WriteProcessMemory                                                          7C802213 5 Bytes  JMP 00070694 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateProcessW                                                              7C802336 5 Bytes  JMP 000702C0 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateProcessA                                                              7C80236B 5 Bytes  JMP 00070234 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!VirtualAlloc                                                                7C809AF1 5 Bytes  JMP 00070004 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!VirtualAllocEx                                                              7C809B12 5 Bytes  JMP 0007011C 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateRemoteThread                                                          7C8104CC 5 Bytes  JMP 000704F0 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateThread                                                                7C8106D7 5 Bytes  JMP 0007057C 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateProcessInternalW                                                      7C8197B0 5 Bytes  JMP 000703D8 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!CreateProcessInternalA                                                      7C81D54E 5 Bytes  JMP 0007034C 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!WinExec                                                                     7C86250D 5 Bytes  JMP 00070464 
.text           C:\WINDOWS\system32\winlogon.exe[1284] kernel32.dll!SetThreadContext                                                            7C863C09 5 Bytes  JMP 00070608 
.text           C:\WINDOWS\system32\winlogon.exe[1284] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 000707AC 
.text           C:\WINDOWS\system32\winlogon.exe[1284] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00070720 
.text           C:\WINDOWS\system32\winlogon.exe[1284] WS2_32.dll!socket                                                                        71A94211 5 Bytes  JMP 000708C4 
.text           C:\WINDOWS\system32\winlogon.exe[1284] WS2_32.dll!bind                                                                          71A94480 5 Bytes  JMP 00070838 
.text           C:\WINDOWS\system32\winlogon.exe[1284] WS2_32.dll!connect                                                                       71A94A07 5 Bytes  JMP 00070950 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!VirtualProtectEx        7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!VirtualProtect          7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!WriteProcessMemory      7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateProcessW          7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateProcessA          7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!VirtualAlloc            7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!VirtualAllocEx          7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateRemoteThread      7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateThread            7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateProcessInternalW  7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!CreateProcessInternalA  7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!WinExec                 7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] kernel32.dll!SetThreadContext        7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetConnectA         40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetConnectW         40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetOpenA            40C2D690 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetOpenW            40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetOpenUrlA         40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] WININET.dll!InternetOpenUrlW         40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] USER32.dll!SetWindowsHookExW         7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe[1304] USER32.dll!SetWindowsHookExA         7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!VirtualProtectEx                                                            7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!VirtualProtect                                                              7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!WriteProcessMemory                                                          7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateProcessW                                                              7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateProcessA                                                              7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!VirtualAlloc                                                                7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!VirtualAllocEx                                                              7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateRemoteThread                                                          7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateThread                                                                7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateProcessInternalW                                                      7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!CreateProcessInternalA                                                      7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!WinExec                                                                     7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\services.exe[1328] kernel32.dll!SetThreadContext                                                            7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\services.exe[1328] USER32.dll!SetWindowsHookExW                                                             7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\services.exe[1328] USER32.dll!SetWindowsHookExA                                                             7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\services.exe[1328] WS2_32.dll!socket                                                                        71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\services.exe[1328] WS2_32.dll!bind                                                                          71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\services.exe[1328] WS2_32.dll!connect                                                                       71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!VirtualProtectEx                                                               7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!VirtualProtect                                                                 7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!WriteProcessMemory                                                             7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateProcessW                                                                 7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateProcessA                                                                 7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!VirtualAlloc                                                                   7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!VirtualAllocEx                                                                 7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateRemoteThread                                                             7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateThread                                                                   7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateProcessInternalW                                                         7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!CreateProcessInternalA                                                         7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!WinExec                                                                        7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\lsass.exe[1340] kernel32.dll!SetThreadContext                                                               7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\lsass.exe[1340] USER32.dll!SetWindowsHookExW                                                                7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\lsass.exe[1340] USER32.dll!SetWindowsHookExA                                                                7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\lsass.exe[1340] WS2_32.dll!socket                                                                           71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\lsass.exe[1340] WS2_32.dll!bind                                                                             71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\lsass.exe[1340] WS2_32.dll!connect                                                                          71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1344] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1344] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!VirtualProtectEx                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!VirtualProtect                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!WriteProcessMemory              7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateProcessW                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateProcessA                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!VirtualAlloc                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!VirtualAllocEx                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateRemoteThread              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateThread                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateProcessInternalW          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!CreateProcessInternalA          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!WinExec                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] kernel32.dll!SetThreadContext                7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] USER32.dll!SetWindowsHookExW                 7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] USER32.dll!SetWindowsHookExA                 7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WS2_32.dll!socket                            71A94211 5 Bytes  JMP 000808C4 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WS2_32.dll!bind                              71A94480 5 Bytes  JMP 00080838 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WS2_32.dll!connect                           71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetConnectA                 40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetConnectW                 40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetOpenA                    40C2D690 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetOpenW                    40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetOpenUrlA                 40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe[1416] WININET.dll!InternetOpenUrlW                 40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1508] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!VirtualProtectEx                                            7C801A61 5 Bytes  JMP 001301A8 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!VirtualProtect                                              7C801AD4 5 Bytes  JMP 00130090 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!WriteProcessMemory                                          7C802213 5 Bytes  JMP 00130694 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateProcessW                                              7C802336 5 Bytes  JMP 001302C0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateProcessA                                              7C80236B 5 Bytes  JMP 00130234 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!VirtualAlloc                                                7C809AF1 5 Bytes  JMP 00130004 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!VirtualAllocEx                                              7C809B12 5 Bytes  JMP 0013011C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateRemoteThread                                          7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateThread                                                7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateProcessInternalW                                      7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!CreateProcessInternalA                                      7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!WinExec                                                     7C86250D 5 Bytes  JMP 00130464 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] kernel32.dll!SetThreadContext                                            7C863C09 5 Bytes  JMP 00130608 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 001307AC 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe[1572] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1584] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1584] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!VirtualProtectEx                                                 7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!VirtualProtect                                                   7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!WriteProcessMemory                                               7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateProcessW                                                   7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateProcessA                                                   7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!VirtualAlloc                                                     7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!VirtualAllocEx                                                   7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateRemoteThread                                               7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateThread                                                     7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateProcessInternalW                                           7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!CreateProcessInternalA                                           7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!WinExec                                                          7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] kernel32.dll!SetThreadContext                                                 7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] USER32.dll!SetWindowsHookExW                                                  7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[1632] USER32.dll!SetWindowsHookExA                                                  7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!VirtualProtectEx                                  7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!VirtualProtect                                    7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!WriteProcessMemory                                7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateProcessW                                    7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateProcessA                                    7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!VirtualAlloc                                      7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!VirtualAllocEx                                    7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateRemoteThread                                7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateThread                                      7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateProcessInternalW                            7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!CreateProcessInternalA                            7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!WinExec                                           7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] kernel32.dll!SetThreadContext                                  7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] USER32.dll!SetWindowsHookExW                                   7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1648] USER32.dll!SetWindowsHookExA                                   7E381211 5 Bytes  JMP 00130720 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!VirtualProtectEx                                            7C801A61 5 Bytes  JMP 001301A8 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!VirtualProtect                                              7C801AD4 5 Bytes  JMP 00130090 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!WriteProcessMemory                                          7C802213 5 Bytes  JMP 00130694 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateProcessW                                              7C802336 5 Bytes  JMP 001302C0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateProcessA                                              7C80236B 5 Bytes  JMP 00130234 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!VirtualAlloc                                                7C809AF1 5 Bytes  JMP 00130004 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!VirtualAllocEx                                              7C809B12 5 Bytes  JMP 0013011C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateRemoteThread                                          7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateThread                                                7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateProcessInternalW                                      7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!CreateProcessInternalA                                      7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!WinExec                                                     7C86250D 5 Bytes  JMP 00130464 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] kernel32.dll!SetThreadContext                                            7C863C09 5 Bytes  JMP 00130608 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 001307AC 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 00130720 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetConnectA                                             40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetConnectW                                             40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetOpenA                                                40C2D690 5 Bytes  JMP 00130D24 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetOpenW                                                40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetOpenUrlA                                             40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] wininet.dll!InternetOpenUrlW                                             40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] WS2_32.dll!socket                                                        71A94211 5 Bytes  JMP 001308C4 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] WS2_32.dll!bind                                                          71A94480 5 Bytes  JMP 00130838 
.text           C:\PROGRA~1\SPYWAR~1\SpywareTerminatorUpdate.exe[1664] WS2_32.dll!connect                                                       71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!VirtualProtectEx                                                       7C801A61 5 Bytes  JMP 000701A8 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!VirtualProtect                                                         7C801AD4 5 Bytes  JMP 00070090 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!WriteProcessMemory                                                     7C802213 5 Bytes  JMP 00070694 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateProcessW                                                         7C802336 5 Bytes  JMP 000702C0 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateProcessA                                                         7C80236B 5 Bytes  JMP 00070234 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!VirtualAlloc                                                           7C809AF1 5 Bytes  JMP 00070004 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!VirtualAllocEx                                                         7C809B12 5 Bytes  JMP 0007011C 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateRemoteThread                                                     7C8104CC 5 Bytes  JMP 000704F0 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateThread                                                           7C8106D7 5 Bytes  JMP 0007057C 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateProcessInternalW                                                 7C8197B0 5 Bytes  JMP 000703D8 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!CreateProcessInternalA                                                 7C81D54E 5 Bytes  JMP 0007034C 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!WinExec                                                                7C86250D 5 Bytes  JMP 00070464 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] kernel32.dll!SetThreadContext                                                       7C863C09 5 Bytes  JMP 00070608 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] USER32.dll!SetWindowsHookExW                                                        7E37820F 5 Bytes  JMP 000707AC 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] USER32.dll!SetWindowsHookExA                                                        7E381211 5 Bytes  JMP 00070720 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WS2_32.dll!socket                                                                   71A94211 5 Bytes  JMP 000708C4 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WS2_32.dll!bind                                                                     71A94480 5 Bytes  JMP 00070838 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WS2_32.dll!connect                                                                  71A94A07 5 Bytes  JMP 00070950 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetConnectA                                                        40C1DEAE 5 Bytes  JMP 00070F54 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetConnectW                                                        40C1F862 5 Bytes  JMP 00070FE0 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetOpenA                                                           40C2D690 5 Bytes  JMP 00070D24 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetOpenW                                                           40C2DB09 5 Bytes  JMP 00070DB0 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetOpenUrlA                                                        40C2F3A4 5 Bytes  JMP 00070E3C 
.text           C:\Program Files\Messenger\msmsgs.exe[1692] WININET.dll!InternetOpenUrlW                                                        40C76DDF 5 Bytes  JMP 00070EC8 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!VirtualProtectEx                                                    7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!VirtualProtect                                                      7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!WriteProcessMemory                                                  7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateProcessW                                                      7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateProcessA                                                      7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!VirtualAlloc                                                        7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!VirtualAllocEx                                                      7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateRemoteThread                                                  7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateThread                                                        7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateProcessInternalW                                              7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!CreateProcessInternalA                                              7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!WinExec                                                             7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] kernel32.dll!SetThreadContext                                                    7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] USER32.dll!SetWindowsHookExW                                                     7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\WinFast\WFDTV\WFWIZ.exe[1712] USER32.dll!SetWindowsHookExA                                                     7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!VirtualProtectEx                                                              7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!VirtualProtect                                                                7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!WriteProcessMemory                                                            7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateProcessW                                                                7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateProcessA                                                                7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!VirtualAlloc                                                                  7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!VirtualAllocEx                                                                7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateRemoteThread                                                            7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateThread                                                                  7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateProcessInternalW                                                        7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!CreateProcessInternalA                                                        7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!WinExec                                                                       7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] kernel32.dll!SetThreadContext                                                              7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] USER32.dll!SetWindowsHookExW                                                               7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\ctfmon.exe[1740] USER32.dll!SetWindowsHookExA                                                               7E381211 5 Bytes  JMP 00080720 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!VirtualProtectEx                  7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!VirtualProtect                    7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!WriteProcessMemory                7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateProcessW                    7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateProcessA                    7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!VirtualAlloc                      7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!VirtualAllocEx                    7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateRemoteThread                7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateThread                      7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateProcessInternalW            7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!CreateProcessInternalA            7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!WinExec                           7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] kernel32.dll!SetThreadContext                  7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] USER32.dll!SetWindowsHookExW                   7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1756] USER32.dll!SetWindowsHookExA                   7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\svchost.exe[1784] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\System32\svchost.exe[1784] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\System32\svchost.exe[1784] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\System32\svchost.exe[1784] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetConnectA                                                              40C1DEAE 5 Bytes  JMP 00080F54 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetConnectW                                                              40C1F862 5 Bytes  JMP 00080FE0 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetOpenA                                                                 40C2D690 5 Bytes  JMP 00080D24 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetOpenW                                                                 40C2DB09 5 Bytes  JMP 00080DB0 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetOpenUrlA                                                              40C2F3A4 5 Bytes  JMP 00080E3C 
.text           C:\WINDOWS\System32\svchost.exe[1784] WININET.dll!InternetOpenUrlW                                                              40C76DDF 5 Bytes  JMP 00080EC8 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1848] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1848] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1848] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1848] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1848] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[1988] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[1988] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\svchost.exe[1988] WS2_32.dll!socket                                                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\svchost.exe[1988] WS2_32.dll!bind                                                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\svchost.exe[1988] WS2_32.dll!connect                                                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!VirtualProtectEx                             7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!VirtualProtect                               7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!WriteProcessMemory                           7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateProcessW                               7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateProcessA                               7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!VirtualAlloc                                 7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!VirtualAllocEx                               7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateRemoteThread                           7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateThread                                 7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateProcessInternalW                       7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!CreateProcessInternalA                       7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!WinExec                                      7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] kernel32.dll!SetThreadContext                             7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] USER32.dll!SetWindowsHookExW                              7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2136] USER32.dll!SetWindowsHookExA                              7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\wuauclt.exe[2224] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!VirtualProtectEx                            7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!VirtualProtect                              7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!WriteProcessMemory                          7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateProcessW                              7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateProcessA                              7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!VirtualAlloc                                7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!VirtualAllocEx                              7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateRemoteThread                          7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateThread                                7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateProcessInternalW                      7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!CreateProcessInternalA                      7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!WinExec                                     7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] kernel32.dll!SetThreadContext                            7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] USER32.dll!SetWindowsHookExW                             7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe[2280] USER32.dll!SetWindowsHookExA                             7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!VirtualProtectEx                      7C801A61 5 Bytes  JMP 000701A8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!VirtualProtect                        7C801AD4 5 Bytes  JMP 00070090 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!WriteProcessMemory                    7C802213 5 Bytes  JMP 00070694 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateProcessW                        7C802336 5 Bytes  JMP 000702C0 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateProcessA                        7C80236B 5 Bytes  JMP 00070234 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!VirtualAlloc                          7C809AF1 5 Bytes  JMP 00070004 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!VirtualAllocEx                        7C809B12 5 Bytes  JMP 0007011C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateRemoteThread                    7C8104CC 5 Bytes  JMP 000704F0 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateThread                          7C8106D7 5 Bytes  JMP 0007057C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateProcessInternalW                7C8197B0 5 Bytes  JMP 000703D8 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!CreateProcessInternalA                7C81D54E 5 Bytes  JMP 0007034C 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!WinExec                               7C86250D 5 Bytes  JMP 00070464 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] kernel32.dll!SetThreadContext                      7C863C09 5 Bytes  JMP 00070608 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] USER32.dll!SetWindowsHookExW                       7E37820F 5 Bytes  JMP 000707AC 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] USER32.dll!SetWindowsHookExA                       7E381211 5 Bytes  JMP 00070720 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] WS2_32.dll!socket                                  71A94211 5 Bytes  JMP 000708C4 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] WS2_32.dll!bind                                    71A94480 5 Bytes  JMP 00070838 
.text           C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[2320] WS2_32.dll!connect                                 71A94A07 5 Bytes  JMP 00070950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!VirtualProtectEx                             7C801A61 5 Bytes  JMP 000301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!VirtualProtect                               7C801AD4 5 Bytes  JMP 00030090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!WriteProcessMemory                           7C802213 5 Bytes  JMP 00030694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateProcessW                               7C802336 5 Bytes  JMP 000302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateProcessA                               7C80236B 5 Bytes  JMP 00030234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!VirtualAlloc                                 7C809AF1 5 Bytes  JMP 00030004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!VirtualAllocEx                               7C809B12 5 Bytes  JMP 0003011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateRemoteThread                           7C8104CC 5 Bytes  JMP 000304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateThread                                 7C8106D7 5 Bytes  JMP 0003057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateProcessInternalW                       7C8197B0 5 Bytes  JMP 000303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!CreateProcessInternalA                       7C81D54E 5 Bytes  JMP 0003034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!WinExec                                      7C86250D 5 Bytes  JMP 00030464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] kernel32.dll!SetThreadContext                             7C863C09 5 Bytes  JMP 00030608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] USER32.dll!SetWindowsHookExW                              7E37820F 5 Bytes  JMP 000307AC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] USER32.dll!SetWindowsHookExA                              7E381211 5 Bytes  JMP 00030720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WS2_32.dll!socket                                         71A94211 5 Bytes  JMP 000808C4 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WS2_32.dll!bind                                           71A94480 5 Bytes  JMP 00080838 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WS2_32.dll!connect                                        71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetConnectA                              40C1DEAE 5 Bytes  JMP 00030F54 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetConnectW                              40C1F862 5 Bytes  JMP 00030FE0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetOpenA                                 40C2D690 5 Bytes  JMP 00030D24 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetOpenW                                 40C2DB09 5 Bytes  JMP 00030DB0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetOpenUrlA                              40C2F3A4 5 Bytes  JMP 00030E3C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe[2404] WININET.dll!InternetOpenUrlW                              40C76DDF 5 Bytes  JMP 00030EC8 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!VirtualProtectEx                                     7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!VirtualProtect                                       7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!WriteProcessMemory                                   7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateProcessW                                       7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateProcessA                                       7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!VirtualAlloc                                         7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!VirtualAllocEx                                       7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateRemoteThread                                   7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateThread                                         7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateProcessInternalW                               7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!CreateProcessInternalA                               7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!WinExec                                              7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] kernel32.dll!SetThreadContext                                     7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] USER32.dll!SetWindowsHookExW                                      7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] USER32.dll!SetWindowsHookExA                                      7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetConnectA                                      40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetConnectW                                      40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetOpenA                                         40C2D690 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetOpenW                                         40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetOpenUrlA                                      40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] WININET.dll!InternetOpenUrlW                                      40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] ws2_32.dll!socket                                                 71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] ws2_32.dll!bind                                                   71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Common Files\Teleca Shared\Generic.exe[2524] ws2_32.dll!connect                                                71A94A07 5 Bytes  JMP 00130950 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!VirtualProtectEx                                                                 7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!VirtualProtect                                                                   7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!WriteProcessMemory                                                               7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateProcessW                                                                   7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateProcessA                                                                   7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!VirtualAlloc                                                                     7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!VirtualAllocEx                                                                   7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateRemoteThread                                                               7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateThread                                                                     7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateProcessInternalW                                                           7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!CreateProcessInternalA                                                           7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!WinExec                                                                          7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\System32\alg.exe[2724] kernel32.dll!SetThreadContext                                                                 7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\System32\alg.exe[2724] USER32.dll!SetWindowsHookExW                                                                  7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\System32\alg.exe[2724] USER32.dll!SetWindowsHookExA                                                                  7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\System32\alg.exe[2724] WS2_32.dll!socket                                                                             71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\System32\alg.exe[2724] WS2_32.dll!bind                                                                               71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\System32\alg.exe[2724] WS2_32.dll!connect                                                                            71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!VirtualProtectEx                                            7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!VirtualProtect                                              7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!WriteProcessMemory                                          7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateProcessW                                              7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateProcessA                                              7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!VirtualAlloc                                                7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!VirtualAllocEx                                              7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateRemoteThread                                          7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateThread                                                7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateProcessInternalW                                      7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!CreateProcessInternalA                                      7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!WinExec                                                     7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] kernel32.dll!SetThreadContext                                            7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] USER32.dll!SetWindowsHookExW                                             7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Spyware Terminator\sp_rsser.exe[2772] USER32.dll!SetWindowsHookExA                                             7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!VirtualProtectEx                                                             7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!VirtualProtect                                                               7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!WriteProcessMemory                                                           7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateProcessW                                                               7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateProcessA                                                               7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!VirtualAlloc                                                                 7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!VirtualAllocEx                                                               7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateRemoteThread                                                           7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateThread                                                                 7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateProcessInternalW                                                       7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!CreateProcessInternalA                                                       7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!WinExec                                                                      7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\svchost.exe[2816] kernel32.dll!SetThreadContext                                                             7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\svchost.exe[2816] USER32.dll!SetWindowsHookExW                                                              7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\svchost.exe[2816] USER32.dll!SetWindowsHookExA                                                              7E381211 5 Bytes  JMP 00080720 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!VirtualProtectEx                                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!VirtualProtect                                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!WriteProcessMemory                              7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateProcessW                                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateProcessA                                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!VirtualAlloc                                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!VirtualAllocEx                                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateRemoteThread                              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateThread                                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateProcessInternalW                          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!CreateProcessInternalA                          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!WinExec                                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2924] kernel32.dll!SetThreadContext                                7C863C09 5 Bytes  JMP 00130608 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!VirtualProtectEx                                             7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!VirtualProtect                                               7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!WriteProcessMemory                                           7C802213 5 Bytes  JMP 00130694 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateProcessW                                               7C802336 5 Bytes  JMP 001302C0 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateProcessA                                               7C80236B 5 Bytes  JMP 00130234 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!VirtualAlloc                                                 7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!VirtualAllocEx                                               7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateRemoteThread                                           7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateThread                                                 7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateProcessInternalW                                       7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!CreateProcessInternalA                                       7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!WinExec                                                      7C86250D 5 Bytes  JMP 00130464 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] kernel32.dll!SetThreadContext                                             7C863C09 5 Bytes  JMP 00130608 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] USER32.dll!SetWindowsHookExW                                              7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Documents and Settings\Brabi\Plocha\gmer.exe[3192] USER32.dll!SetWindowsHookExA                                              7E381211 5 Bytes  JMP 00130720 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!VirtualProtectEx                                                       7C801A61 5 Bytes  JMP 000801A8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!VirtualProtect                                                         7C801AD4 5 Bytes  JMP 00080090 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!WriteProcessMemory                                                     7C802213 5 Bytes  JMP 00080694 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateProcessW                                                         7C802336 5 Bytes  JMP 000802C0 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateProcessA                                                         7C80236B 5 Bytes  JMP 00080234 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!VirtualAlloc                                                           7C809AF1 5 Bytes  JMP 00080004 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!VirtualAllocEx                                                         7C809B12 5 Bytes  JMP 0008011C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateRemoteThread                                                     7C8104CC 5 Bytes  JMP 000804F0 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateThread                                                           7C8106D7 5 Bytes  JMP 0008057C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateProcessInternalW                                                 7C8197B0 5 Bytes  JMP 000803D8 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!CreateProcessInternalA                                                 7C81D54E 5 Bytes  JMP 0008034C 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!WinExec                                                                7C86250D 5 Bytes  JMP 00080464 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] kernel32.dll!SetThreadContext                                                       7C863C09 5 Bytes  JMP 00080608 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] USER32.dll!SetWindowsHookExW                                                        7E37820F 5 Bytes  JMP 000807AC 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] USER32.dll!SetWindowsHookExA                                                        7E381211 5 Bytes  JMP 00080720 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] WS2_32.dll!socket                                                                   71A94211 5 Bytes  JMP 000808C4 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] WS2_32.dll!bind                                                                     71A94480 5 Bytes  JMP 00080838 
.text           C:\WINDOWS\system32\wbem\wmiapsrv.exe[3224] WS2_32.dll!connect                                                                  71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!VirtualProtectEx                              7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!VirtualProtect                                7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!WriteProcessMemory                            7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateProcessW                                7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateProcessA                                7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!VirtualAlloc                                  7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!VirtualAllocEx                                7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateRemoteThread                            7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateThread                                  7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateProcessInternalW                        7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!CreateProcessInternalA                        7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!WinExec                                       7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] kernel32.dll!SetThreadContext                              7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] USER32.dll!SetWindowsHookExW                               7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] USER32.dll!SetWindowsHookExA                               7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] WS2_32.dll!socket                                          71A94211 5 Bytes  JMP 000808C4 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] WS2_32.dll!bind                                            71A94480 5 Bytes  JMP 00080838 
.text           C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe[3308] WS2_32.dll!connect                                         71A94A07 5 Bytes  JMP 00080950 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!VirtualProtectEx                                                7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!VirtualProtect                                                  7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!WriteProcessMemory                                              7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateProcessW                                                  7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateProcessA                                                  7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!VirtualAlloc                                                    7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!VirtualAllocEx                                                  7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateRemoteThread                                              7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateThread                                                    7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateProcessInternalW                                          7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!CreateProcessInternalA                                          7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!WinExec                                                         7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] kernel32.dll!SetThreadContext                                                7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WS2_32.dll!socket                                                            71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WS2_32.dll!bind                                                              71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WS2_32.dll!connect                                                           71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] USER32.dll!SetWindowsHookExW                                                 7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] USER32.dll!SetWindowsHookExA                                                 7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetConnectA                                                 40C1DEAE 5 Bytes  JMP 00130F54 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetConnectW                                                 40C1F862 5 Bytes  JMP 00130FE0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetOpenA                                                    40C2D690 5 Bytes  JMP 00130D24 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetOpenW                                                    40C2DB09 5 Bytes  JMP 00130DB0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetOpenUrlA                                                 40C2F3A4 5 Bytes  JMP 00130E3C 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3628] WININET.dll!InternetOpenUrlW                                                 40C76DDF 5 Bytes  JMP 00130EC8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!VirtualProtectEx                   7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!VirtualProtect                     7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!WriteProcessMemory                 7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateProcessW                     7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateProcessA                     7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!VirtualAlloc                       7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!VirtualAllocEx                     7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateRemoteThread                 7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateThread                       7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateProcessInternalW             7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!CreateProcessInternalA             7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!WinExec                            7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] kernel32.dll!SetThreadContext                   7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] USER32.dll!SetWindowsHookExW                    7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] USER32.dll!SetWindowsHookExA                    7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] ws2_32.dll!socket                               71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] ws2_32.dll!bind                                 71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe[3704] ws2_32.dll!connect                              71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!VirtualProtectEx                                         7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!VirtualProtect                                           7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!WriteProcessMemory                                       7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateProcessW                                           7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateProcessA                                           7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!VirtualAlloc                                             7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!VirtualAllocEx                                           7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateRemoteThread                                       7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateThread                                             7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateProcessInternalW                                   7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!CreateProcessInternalA                                   7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!WinExec                                                  7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] kernel32.dll!SetThreadContext                                         7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] WS2_32.dll!socket                                                     71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] WS2_32.dll!bind                                                       71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] WS2_32.dll!connect                                                    71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[3984] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 00130720 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!VirtualProtectEx                                         7C801A61 5 Bytes  JMP 001301A8 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!VirtualProtect                                           7C801AD4 5 Bytes  JMP 00130090 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!WriteProcessMemory                                       7C802213 5 Bytes  JMP 00130694 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateProcessW                                           7C802336 5 Bytes  JMP 001302C0 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateProcessA                                           7C80236B 5 Bytes  JMP 00130234 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!VirtualAlloc                                             7C809AF1 5 Bytes  JMP 00130004 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!VirtualAllocEx                                           7C809B12 5 Bytes  JMP 0013011C 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateRemoteThread                                       7C8104CC 5 Bytes  JMP 001304F0 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateThread                                             7C8106D7 5 Bytes  JMP 0013057C 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateProcessInternalW                                   7C8197B0 5 Bytes  JMP 001303D8 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!CreateProcessInternalA                                   7C81D54E 5 Bytes  JMP 0013034C 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!WinExec                                                  7C86250D 5 Bytes  JMP 00130464 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] kernel32.dll!SetThreadContext                                         7C863C09 5 Bytes  JMP 00130608 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] WS2_32.dll!socket                                                     71A94211 5 Bytes  JMP 001308C4 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] WS2_32.dll!bind                                                       71A94480 5 Bytes  JMP 00130838 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] WS2_32.dll!connect                                                    71A94A07 5 Bytes  JMP 00130950 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] USER32.dll!SetWindowsHookExW                                          7E37820F 5 Bytes  JMP 001307AC 
.text           C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[4060] USER32.dll!SetWindowsHookExA                                          7E381211 5 Bytes  JMP 00130720 

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]             [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]               [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]             [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]               [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject]               [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]            [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]              [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]            [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]              [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject]              [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA]           [61139CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]           [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]             [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]             [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]           [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA]             [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW]             [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor]                [61138B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu]             [61138AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx]           [61138AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject]              [61138BE9] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]             [61139C43] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]             [61139C83] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]           [61139601] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]           [61139D11] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA]           [61139CC3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow]              [61138C27] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx]           [61138AEE] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA]             [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor]                [61138B2C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW]             [61139218] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush]           [61138BEF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[224] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu]             [61138AB0] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT             C:\WINDOWS\system32\services.exe[1328] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]                   003E0002
IAT             C:\WINDOWS\system32\services.exe[1328] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]                         003E0000

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                          aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                        SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                        aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                       SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                       aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                       SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                     SbFw.sys (Sunbelt Personal Firewall driver/Sunbelt Software, Inc.)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----
