Done.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-19 17:24:20
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kwldrpoc.sys
---- System - GMER 1.0.15 ----
SSDT 85217AF8 ZwAllocateVirtualMemory
SSDT 85219690 ZwCreateProcess
SSDT 85217FA8 ZwCreateProcessEx
SSDT 85217DC8 ZwCreateThread
SSDT 85217B70 ZwQueueApcThread
SSDT 85217A08 ZwReadVirtualMemory
SSDT 85217C60 ZwSetContextThread
SSDT 85217EB8 ZwSetInformationProcess
SSDT 85217CD8 ZwSetInformationThread
SSDT 85217E40 ZwSuspendProcess
SSDT 85217BE8 ZwSuspendThread
SSDT 85217F30 ZwTerminateProcess
SSDT 85217D50 ZwTerminateThread
SSDT 85217A80 ZwWriteVirtualMemory
SSDT 85217918 ZwCreateThreadEx
SSDT 85217990 ZwCreateUserProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 131 822AF894 4 Bytes [F8, 7A, 21, 85]
.text ntkrnlpa.exe!KeSetEvent + 209 822AF96C 8 Bytes [90, 96, 21, 85, A8, 7F, 21, ...] {NOP ; XCHG ESI, EAX; AND [EBP-0x7ade8058], EAX}
.text ntkrnlpa.exe!KeSetEvent + 221 822AF984 4 Bytes [C8, 7D, 21, 85] {ENTER 0x217d, 0x85}
.text ntkrnlpa.exe!KeSetEvent + 4E5 822AFC48 4 Bytes [70, 7B, 21, 85]
.text ntkrnlpa.exe!KeSetEvent + 4FD 822AFC60 4 Bytes [08, 7A, 21, 85]
.text ...
? System32\Drivers\jcbggfvh.sys A device attached to the system is not functioning. !
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe[268] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[1080] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\RtHDVCpl.exe[1156] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe[1320] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1676] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1836] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[2188] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[2228] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Windows\Explorer.EXE[2452] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!DrawTextW 774D97D3 5 Bytes JMP 6605C0F9 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\Explorer.EXE[2452] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe[3020] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Users\Adam\Desktop\gmer.exe[3044] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[3376] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\hp\support\hpsysdrv.exe[3416] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac[3468] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe[3844] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] ntdll.dll!KiUserExceptionDispatcher + A 77365DD2 5 Bytes JMP 000160C0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (http://www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 00015300 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (http://www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] kernel32.dll!LoadLibraryExW 76669109 5 Bytes [33, C0, C2, 0C, 00] {XOR EAX, EAX; RET 0xc}
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] kernel32.dll!VirtualFree 766840AA 5 Bytes JMP 000152E0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (http://www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] kernel32.dll!VirtualAlloc 7668AD55 5 Bytes JMP 000152B0 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (http://www.webroot.com))
.text C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE[4004] kernel32.dll!CreateFileA 7668CE5F 5 Bytes JMP 00014940 C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (http://www.webroot.com))
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\iTunes\iTunesHelper.exe[4056] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\system32\taskeng.exe[4072] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe[4504] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Program Files\Stardock\ObjectDockPlus2\ObjectDock.exe[4584] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] kernel32.dll!VirtualProtect 76641DC3 5 Bytes JMP 660047B5 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!SetWindowPlacement 774C7963 5 Bytes JMP 660343DC C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!MoveWindow 774C989F 5 Bytes JMP 660346D7 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!SetWindowPos 774D35E3 2 Bytes JMP 66034826 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!SetWindowPos + 3 774D35E6 2 Bytes [B6, EE] {MOV DH, 0xee}
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!DeferWindowPos 774D467F 5 Bytes JMP 66033D58 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!EndPaint 774DA28F 5 Bytes JMP 66002C09 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!BeginPaint 774DA2A3 5 Bytes JMP 66002C0E C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!GetWindowRect 774E0E21 5 Bytes JMP 660349B2 C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
.text C:\Windows\System32\mobsync.exe[5864] USER32.dll!GetWindowPlacement 774F38E3 5 Bytes JMP 6603452D C:\Program Files\Stardock\MyColors\WBLIND.dll (WindowBlinds/Stardock Corporation)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 86563F48
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service (*** hidden *** ) [BOOT] jcbggfvh <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\jcbggfvh@Group Boot Bus Extender
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xFD 0x14 0x9B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x83 0xAA 0xCE 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xBE 0xE0 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8E 0x64 0x92 0x5C ...
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\jcbggfvh@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x48 0xFD 0x14 0x9B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x83 0xAA 0xCE 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x8D 0xBE 0xE0 0xA2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x8E 0x64 0x92 0x5C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}@abcoiafodchjifjihbmjngibjdehpjogpk 0x61 0x62 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5CB32676-1BF9-C844-3D10-275E46703089}@bbcoiafodchjifjihbpjagfoecfbfogfmhlj 0x61 0x62 0x6A 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}@hageggimffbflelf 0x69 0x61 0x6D 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{BE72919B-4354-D8B2-1A22-E7CD6449212D}@iaafaggiffhehldjal 0x69 0x61 0x6E 0x6A ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\EA GAMES\The Sims 2 H&M® Fashion Stuff\EAUninstall.exe 32
---- EOF - GMER 1.0.15 ----