Ok, here goes.....
GMER 1.0.15.15477 -
http://www.gmer.netRootkit scan 2010-10-31 20:52:08
Windows 5.1.2600 Service Pack 3
Running: 27rk1r02.exe; Driver: C:\DOCUME~1\RICKHA~1\LOCALS~1\Temp\uxroqkoc.sys
---- System - GMER 1.0.15 ----
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xB9EA9AC2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xB9ED12D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xB9ED14C8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xB9EA9CB6]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xB9EA9D5C]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xB9EA99B2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xB9EF3020]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xB9EA9EF8]
SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xB9EABBD6]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708D000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7069000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7066000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 7090000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\WINDOWS\Explorer.EXE[208] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 7060000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7072000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7078000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7075000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7063000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707B000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[208] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\WINDOWS\Explorer.EXE[208] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [89, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9E, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [92, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [AA, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A4, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [21, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [A1, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [95, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A7, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [39, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8F, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [9B, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [98, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8C, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AA000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DD000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7125000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D1000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00270001
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7164000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7161000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 714F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7152000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D4000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70BF000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7113000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7086000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7089000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 7080000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7083000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6C, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D7000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E0000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7137000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7056000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A1000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7110000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B3000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BC000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70B9000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706B000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 7050000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7059000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7134000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7053000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B6000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7140000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7098000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DA000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F5000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E3000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7107000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F8000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FB000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7095000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E6000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70EF000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70E9000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F2000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FE000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7068000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7065000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CB000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CD, 70] {INT 0x70}
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7101000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegQueryValueA 77DFBB8D 6 Bytes JMP 70EC000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7104000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7092000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7167000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 711F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7155000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705F000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7131000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C5000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712E000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C1, 70]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7071000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2A, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7077000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7074000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7062000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7158000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 7119000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C8000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 707A000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7128000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713D000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[328] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [15, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[328] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A7000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A4000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7143000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B0000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AD000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7146000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714C000A
.text C:\Program Files\iPod\bin\iPodService.exe[328] SHELL32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 7149000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [22, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeviceIoControl 7C801629 6 Bytes JMP 70AB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 70DE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualProtectEx 7C801A61 6 Bytes JMP 7126000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 70D2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 716B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 030F0001
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 715F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 7165000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 7162000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 7150000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 7153000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!VirtualAlloc 7C809AF1 6 Bytes JMP 70D5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MultiByteToWideChar 7C809C98 6 Bytes JMP 707C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 70C0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WideCharToMultiByte 7C80A174 6 Bytes JMP 705B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 7114000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 715C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateMutexW 7C80E957 6 Bytes JMP 7085000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateMutexA 7C80E9DF 6 Bytes JMP 7088000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenMutexW 7C80EA35 6 Bytes JMP 707F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenMutexA 7C80EABB 6 Bytes JMP 7082000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetVolumeInformationW 7C80FA85 6 Bytes JMP 710E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [6D, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 70D8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 70E1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WriteFile 7C810E27 6 Bytes JMP 709C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 7138000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileW 7C821261 6 Bytes JMP 7055000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateDirectoryA 7C8217AC 6 Bytes JMP 70A2000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 7111000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 70B4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileA 7C8286EE 6 Bytes JMP 70BD000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileW 7C82F87B 6 Bytes JMP 70BA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!OpenProcess 7C8309E9 6 Bytes JMP 704C000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeleteFileA 7C831EDD 6 Bytes JMP 706D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DeleteFileW 7C831F63 6 Bytes JMP 706A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateDirectoryW 7C832402 6 Bytes JMP 709F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileExW 7C83568B 6 Bytes JMP 704F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileA 7C835EBF 6 Bytes JMP 7058000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 7135000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!MoveFileExA 7C85E49B 6 Bytes JMP 7052000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CopyFileExA 7C85F39C 6 Bytes JMP 70B7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 7141000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!SetThreadContext 7C863C09 6 Bytes JMP 7099000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 70DB000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 6 Bytes JMP 70F6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueExW 77DD6FFF 6 Bytes JMP 70E4000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyExW 77DD776C 6 Bytes JMP 7108000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 70F9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyW 77DD7946 6 Bytes JMP 70FC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenProcessToken 77DD798B 6 Bytes JMP 7096000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueExA 77DD7ABB 6 Bytes JMP 70E7000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegSetValueExW 77DDD767 6 Bytes JMP 70F0000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueW 77DDD87A 6 Bytes JMP 70EA000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 710B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 70F3000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 6 Bytes JMP 70FF000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!AdjustTokenPrivileges 77DDF00C 6 Bytes JMP 708B000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegDeleteKeyA 77DE42A0 6 Bytes JMP 7067000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegDeleteKeyW 77DE559B 6 Bytes JMP 7064000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerW 77DE6F55 6 Bytes JMP 70CC000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [CE, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LookupPrivilegeValueW 77DFB8DF 6 Bytes JMP 708E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyW 77DFBA55 6 Bytes JMP 7102000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueA 77DFBB8D 4 Bytes [FF, 25, 1E, 00]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegQueryValueA + 5 77DFBB92 1 Byte [70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 6 Bytes JMP 7105000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LookupPrivilegeValueA 77DFC238 6 Bytes JMP 7093000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 7168000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 7120000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 711D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 7156000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowTextW 7E42960E 6 Bytes JMP 705E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [09, 5F]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 7132000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetWindowTextW 7E42A5CD 6 Bytes JMP 70C6000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 712F000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [C2, 70]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!CreateWindowExW 7E42D0A3 6 Bytes JMP 7070000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [2B, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DrawTextW 7E42D7E2 6 Bytes JMP 7076000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!CreateWindowExA 7E42E4A9 6 Bytes JMP 7073000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowTextA 7E42F56B 6 Bytes JMP 7061000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 7159000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 711A000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 70C9000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DrawTextA 7E43C702 6 Bytes JMP 7079000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 7129000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 713E000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [16, 71]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] WININET.dll!InternetOpenUrlA 3D956F5A 6 Bytes JMP 70A8000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] WININET.dll!InternetOpenUrlW 3D998439 6 Bytes JMP 70A5000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteExW 7CA0991B 6 Bytes JMP 7144000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!Shell_NotifyIcon 7CA28C16 6 Bytes JMP 70B1000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!Shell_NotifyIconW 7CA2A587 6 Bytes JMP 70AE000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteEx 7CA40E7D 6 Bytes JMP 7147000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteA 7CA411A8 6 Bytes JMP 714D000A
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[332] shell32.dll!ShellExecuteW 7CAB5E68 6 Bytes JMP 714A000A