
A second window keeps opening when I am online - logs/attachments included

Discussion in 'Virus & Other Malware Removal' started by beckri, Dec 2, 2011.

  1. beckri

    beckri Thread Starter

    This is the thread where I originally asked for help:
    http://forums.techguy.org/virus-other-malware-removal/1025925-wondering-if-theres-malware-my.html

    When I go online I often notice that a second window appears. It's usually an insurance/dating/"you won" type of site. I just close it and notice no further issues with it. Each day I run Malwarebytes and SuperAntiSpyware now. Malwarebytes hasn't found anything. But SAS typically will find 60-200 cookies.

    Hopefully I've run each of these right (I'm not tech-savvy):

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:11:39 PM, on 12/2/2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v7.00 (7.00.6002.18005)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Users\Riggy\Desktop\Rebecca\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - http://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
    O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
    O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E68B48FA-870E-42C5-B3C5-9057308DC2A2}: NameServer = 216.70.0.1,216.70.0.2
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: CopySafe Helper Service (CSHelper) - Unknown owner - C:\Windows\system32\CSHelper.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxdnCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdnserv.exe
    O23 - Service: lxdn_device - - C:\Windows\system32\lxdncoms.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 6572 bytes




    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_29
    Run by Riggy at 16:45:06 on 2011-12-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.1292 [GMT -6:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Windows\system32\lxdncoms.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: discovercard.com\www
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
    DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
    DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} - hxxps://media.pineconeresearch.com/ActiveX/downloadcontrol.cab
    DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47}
    TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{90CD442F-C728-49F9-9E17-7BDA83291501} : DhcpNameServer = 192.168.254.254 192.168.254.254
    TCP: Interfaces\{E68B48FA-870E-42C5-B3C5-9057308DC2A2} : NameServer = 216.70.0.1,216.70.0.2
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\
    FF - prefs.js: browser.search.selectedEngine - MyWebSearch
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZRfox000&ptb=FyslWjtCIql.MNunG.wGOw&psa=&ind=2010032419&ptnrS=ZRfox000&si=&st=kwd&n=77cea923&searchfor=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\users\riggy\appdata\roaming\move networks\plugins\npqmp071701000002.dll
    FF - plugin: c:\users\riggy\appdata\roaming\mozilla\firefox\profiles\eyvsix1f.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-11 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-4-6 314456]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-6 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-2-24 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-9 44768]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
    R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
    S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [2008-2-27 94208]
    S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
    S3 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2009-2-18 266240]
    S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2010-9-18 29184]
    S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\googleupdate.exe /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\googleupdate.exe /medsvc --> c:\program files\google\update\GoogleUpdate.exe [?]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 17:53:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:52:07 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-15 02:16:17 90146 ----a-w- c:\programdata\SPLDE2D.tmp
    2011-11-14 23:36:23 90146 ----a-w- c:\programdata\SPLB25E.tmp
    2011-11-09 23:50:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-09 23:40:19 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-09-20 21:02:55 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-11 19:51:11 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
    2011-09-06 13:30:12 2043392 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 16:48:14.24 ===============



    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-02 18:59:26
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 SAMSUNG_HM160HI rev.HH100-10
    Running: dfrnzr3b.exe; Driver: C:\Users\Riggy\AppData\Local\Temp\fglorpod.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8D0ECFC4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8D0EF456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8D0EF4AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8D0EF5C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8D0EF3AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8D0EF4FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8D0EF400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8D0EF572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8D0ECFE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8D0ECDB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8D0ED00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8D0EF9BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8D0EDAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8D0EF486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8D0EF4D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8D0EF5EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8D0EF3D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8D0EF53E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8D0EF42E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8D0EF59C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8D0ED96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8D0ED030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8D0ED054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8D0ECE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8D0ECF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8D0ECF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8D0ECF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8D0ED078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D70C7A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!KeSetEvent + 10D 828F2890 4 Bytes [C4, CF, 0E, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 1D1 828F2954 8 Bytes [56, F4, 0E, 8D, AE, F4, 0E, ...]
    .text ntkrnlpa.exe!KeSetEvent + 1DD 828F2960 4 Bytes [C4, F5, 0E, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 1F5 828F2978 4 Bytes [AC, F3, 0E, 8D]
    .text ntkrnlpa.exe!KeSetEvent + 215 828F2998 8 Bytes [FE, F4, 0E, 8D, 00, F4, 0E, ...]
    .text ...
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A1D62F 5 Bytes JMP 8D70969C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 82A76543 5 Bytes JMP 8D70B15C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A7FE68 4 Bytes CALL 8D0EE025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A83ADC 4 Bytes CALL 8D0EE03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AD7DCA 7 Bytes JMP 8D70C7A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C007340, 0x3ED9C7, 0xE8000020]
    .text win32k.sys!EngCreateRectRgn + 4537 95E7FC90 5 Bytes JMP 8D0F00D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngTransparentBlt + 8C03 95EA2417 5 Bytes JMP 8D0EF9F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 30F6 95EAEAA7 5 Bytes JMP 8D0EFF90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XFORMOBJ_iGetXform + 4569 95EAFF1A 5 Bytes JMP 8D0EFB9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 119BE 95EC9A45 5 Bytes JMP 8D0EFDE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMapFontFileFD + 11A12 95EC9A99 5 Bytes JMP 8D0EFFBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGradientFill + 60DE 95EF33DD 5 Bytes JMP 8D0EFABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngMulDiv + 4D3F 95EF9D2E 5 Bytes JMP 8D0EFC0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngStrokePath + 5FF 95F070B4 5 Bytes JMP 8D0EFAD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!STROBJ_vEnumStart + 4728 95F36C09 5 Bytes JMP 8D0EFB56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + E80 95F551A4 5 Bytes JMP 8D0EFD14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!CLIPOBJ_bEnum + 248 95F5AA22 5 Bytes JMP 8D0EFC6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + A0F 95F7CA67 5 Bytes JMP 8D0EFCA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngLineTo + D229 95F89281 5 Bytes JMP 8D0EFD4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\Users\Riggy\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00070600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00070804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00070A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000701F8
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
    .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[12] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
    .text C:\Windows\system32\csrss.exe[596] KERNEL32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 003603FC
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00360600
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00361014
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00360804
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00360A08
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00360C0C
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00360E10
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 003601F8
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00370600
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00370804
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00370A08
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 003701F8
    .text C:\Users\Riggy\Desktop\dfrnzr3b.exe[604] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 003703FC
    .text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000301F8
    .text C:\Windows\system32\wininit.exe[648] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000303FC
    .text C:\Windows\system32\wininit.exe[648] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000503FC
    .text C:\Windows\system32\wininit.exe[648] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00050600
    .text C:\Windows\system32\taskeng.exe[2196] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\taskeng.exe[2196] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\taskeng.exe[2196] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\taskeng.exe[2196] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
    .text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2276] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2276] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2276] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00170600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00171014
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00170804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00170A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00170C0C
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00170E10
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00180600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00180804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00180A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[2456] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPStart.exe[2476] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00280600
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00280804
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00280A08
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 002801F8
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 002803FC
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 002903FC
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00290600
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00291014
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00290804
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00290A08
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00290C0C
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00290E10
    .text C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe[2484] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 002901F8
    .text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2508] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[2516] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Windows\ehome\ehtray.exe[2516] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\ehome\ehtray.exe[2516] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000803FC
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00080600
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00081014
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00080804
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00080A08
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00080C0C
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00080E10
    .text C:\Windows\ehome\ehtray.exe[2516] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000801F8
    .text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00090600
    .text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00090804
    .text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00090A08
    .text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000901F8
    .text C:\Windows\ehome\ehtray.exe[2516] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000903FC
    .text C:\Windows\ehome\ehmsas.exe[2652] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000401F8
    .text C:\Windows\ehome\ehmsas.exe[2652] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000403FC
    .text C:\Windows\ehome\ehmsas.exe[2652] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000603FC
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00060600
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00061014
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00060804
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00060A08
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00060C0C
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00060E10
    .text C:\Windows\ehome\ehmsas.exe[2652] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000601F8
    .text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00070600
    .text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00070804
    .text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00070A08
    .text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000701F8
    .text C:\Windows\ehome\ehmsas.exe[2652] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000703FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
    .text C:\Program Files\CyberLink\Shared Files\RichVideo.exe[2796] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8
    .text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\svchost.exe[2828] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\svchost.exe[2828] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
    .text C:\Windows\System32\svchost.exe[2856] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Windows\System32\svchost.exe[2856] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\System32\svchost.exe[2856] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
    .text C:\Windows\System32\svchost.exe[2856] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2880] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 000501F8
    .text C:\Windows\system32\SearchIndexer.exe[2880] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 000503FC
    .text C:\Windows\system32\SearchIndexer.exe[2880] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 000703FC
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00070600
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00071014
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00070804
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00070A08
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00070C0C
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00070E10
    .text C:\Windows\system32\SearchIndexer.exe[2880] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 000701F8
    .text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00080600
    .text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00080804
    .text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00080A08
    .text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 000801F8
    .text C:\Windows\system32\SearchIndexer.exe[2880] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 000803FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001401F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001403FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00160600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00160804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00160A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001703FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00170600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00171014
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00170804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00170A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00170C0C
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00170E10
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[3148] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ntdll.dll!LdrLoadDll 77BF93A8 5 Bytes JMP 001501F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ntdll.dll!LdrUnloadDll 77C0B740 5 Bytes JMP 001503FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] kernel32.dll!GetBinaryTypeW + 70 77592467 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWindowsHookExA 766E6322 5 Bytes JMP 00170600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWindowsHookExW 766E87AD 5 Bytes JMP 00170804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!UnhookWindowsHookEx 766E98DB 5 Bytes JMP 00170A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!SetWinEventHook 766E9F3A 5 Bytes JMP 001701F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] USER32.dll!UnhookWinEvent 766EC06F 5 Bytes JMP 001703FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!CreateServiceW 77B49EB4 5 Bytes JMP 001803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!DeleteService 77B4A07E 5 Bytes JMP 00180600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!SetServiceObjectSecurity 77B86CD9 5 Bytes JMP 00181014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfigA 77B86DD9 5 Bytes JMP 00180804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfigW 77B86F81 5 Bytes JMP 00180A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfig2A 77B87099 5 Bytes JMP 00180C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!ChangeServiceConfig2W 77B871E1 5 Bytes JMP 00180E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3496] ADVAPI32.dll!CreateServiceA 77B872A1 5 Bytes JMP 001801F8

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\r627 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 5120 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{cdb50c61-1d35-11e1-a58e-001b24f3611f}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

    ---- EOF - GMER 1.0.15 ----
     


  2. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    bump
     
  3. beckri

    beckri Thread Starter

    Joined:
    Jan 22, 2003
    Messages:
    199
    Starting yesterday, I now get two windows that open. This morning one had something to do with a rugby game and the other was some sort of "I finally got pregnant" ad of some sort. Does anyone know if someone could've added some sort of code to my blog without me knowing? (Meaning someone outside of my home... remotely?)
     