
search/find box keeps popping up

Discussion in 'Virus & Other Malware Removal' started by hugo9081, Jan 28, 2013.

Thread Status: Not open for further replies.

hugo9081 (Thread Starter; joined Jan 27, 2013; messages: 1):

    The search/find box keeps popping up in various applications. It comes up in Windows Explorer/Firefox/Chrome with mouse or keyboard input.

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:58:46 PM, on 1/27/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\Firefox\firefox.exe
    D:\Program Files\Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Kevin\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;192.168.*.*
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {f16708b8-d2df-482d-9dfa-aa8d8894f0f4} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
    O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\coIEPlg.dll
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: FancyStart daemon.lnk = ?
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    O21 - SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
    O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ASO3DiskOptimizer - Systweak Inc., (www.systweak.com) - C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
    O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Unknown owner - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    --
    End of file - 12043 bytes


    dds.txt file:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
    Run by Kevin at 13:03:28 on 2013-01-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6056.2570 [GMT -5:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\FBAgent.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
    C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe
    C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\P4G\BatteryLife.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
    C:\Program Files\Elantech\ETDCtrlHelper.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\AsScrPro.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    D:\Program Files\Firefox\firefox.exe
    D:\Program Files\Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uDefault_Page_URL = hxxp://asus.msn.com
    mStart Page = hxxp://asus.msn.com
    uURLSearchHooks: {f16708b8-d2df-482d-9dfa-aa8d8894f0f4} - <orphaned>
    mWinlogon: Userinit = userinit.exe
    BHO: AutorunsDisabled - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\CoIEPlg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\IPS\IPSBHO.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\CoIEPlg.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SugarSync] "C:\Program Files (x86)\SugarSync\SugarSync.exe" -startInTray -usedelay=true
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
    uPolicies-Explorer: NoDriveAutoRun = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: dontdisplaylastusername = dword:1
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{3DD5505C-76F3-4034-B6D6-13E82EBEDD12} : DHCPNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
    STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\SysWOW64\SSCbFsMntNtf3.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = hxxp://asus.msn.com
    x64-BHO: AutorunsDisabled - <orphaned>
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
    x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
    x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
    x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-SSODL: EldosMountNotificator - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
    x64-STS: Virtual Storage Mount Notification - {C28617FD-4FE7-4043-AD51-C8132CE90106} - C:\Windows\System32\SSCbFsMntNtf3.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\q9x9nqfg.default\
    FF - prefs.js: browser.startup.homepage - about:blank
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=396012&p=
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: general.useragent.extra.brc -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2011-10-20 54848]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-10-8 30056]
    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1402010.016\SymDS64.sys [2013-1-26 493216]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1402010.016\SymEFA64.sys [2013-1-26 1133216]
    R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-16 1388120]
    R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1402010.016\ccSetx64.sys [2013-1-26 168096]
    R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-8-1 41704]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\Definitions\IPSDefs\20130124.001\IDSviA64.sys [2013-1-24 513184]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1402010.016\Ironx64.sys [2013-1-26 224416]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1402010.016\symnets.sys [2013-1-26 432800]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
    R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-5-23 379520]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-7-20 262376]
    R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-3-1 76448]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    R2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2012-7-17 116632]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2013-1-26 143928]
    R2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2012-10-24 65657]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
    R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
    R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-3-1 28832]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-14 138912]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-4-22 138024]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-4-22 317440]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-23 413800]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    R3 SSCBFS3;SugarSync CallBack File System driver v3;C:\Windows\System32\drivers\sscbfs3.sys [2012-12-12 347456]
    S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-3-1 36000]
    S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2011-3-1 51872]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-3-1 298656]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-3-1 201376]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-3-1 55456]
    S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-3-1 154272]
    S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-3-1 280224]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-2-3 48488]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2012-6-11 22016]
    S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2012-1-25 9728]
    S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2012-6-8 31232]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456]
    S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\rtsuvstor.sys [2011-5-23 290920]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2012-11-19 3430824]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-19 1255736]
    S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-27 15:41:00 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com
    2013-01-27 15:40:20 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2013-01-27 15:40:20 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2013-01-26 16:50:03 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
    2013-01-26 16:49:52 -------- d-----w- C:\ProgramData\Malwarebytes
    2013-01-26 16:49:51 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-01-26 16:49:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-01-26 16:49:29 -------- d-----w- C:\Users\Kevin\AppData\Local\Programs
    2013-01-26 16:13:33 776864 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\srtsp64.sys
    2013-01-26 16:13:33 493216 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\SymDS64.sys
    2013-01-26 16:13:33 432800 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\symnets.sys
    2013-01-26 16:13:33 37496 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\srtspx64.sys
    2013-01-26 16:13:33 23448 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\SymELAM.sys
    2013-01-26 16:13:33 224416 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\Ironx64.sys
    2013-01-26 16:13:33 1133216 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\SymEFA64.sys
    2013-01-26 16:13:32 168096 ----a-r- C:\Windows\System32\drivers\NISx64\1402010.016\ccSetx64.sys
    2013-01-26 16:13:27 -------- d-----w- C:\Windows\System32\drivers\NISx64\1402010.016
    2013-01-17 15:07:48 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    .
    ==================== Find3M ====================
    .
    2013-01-26 16:13:53 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2013-01-14 02:13:18 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-14 02:13:18 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
    2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
    2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
    2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
    2012-12-06 17:11:40 11518976 ----a-w- C:\Windows\System32\drivers\Netwsw00.sys
    2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
    2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
    2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-08 16:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll
    2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
    2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
    2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-10-30 22:49:22 142656 ----a-w- C:\Windows\System32\SSCbFsNetRdr3.dll
    2012-10-30 22:49:18 224576 ----a-w- C:\Windows\SysWow64\SSCbFsNetRdr3.dll
    2012-10-30 22:49:14 191808 ----a-w- C:\Windows\System32\SSCbFsMntNtf3.dll
    2012-10-30 22:49:04 159040 ----a-w- C:\Windows\SysWow64\SSCbFsMntNtf3.dll
    2012-10-30 22:48:48 347456 ----a-w- C:\Windows\System32\drivers\sscbfs3.sys
    .
    ============= FINISH: 13:04:11.99 ===============



    attach file:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/17/2011 12:51:30 AM
    System Uptime: 1/27/2013 9:00:53 AM (4 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | K53SV
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU 1 | 1580/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 238 GiB total, 156.121 GiB free.
    D: is FIXED (NTFS) - 333 GiB total, 306.619 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FA82FF0&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FA82FF0&0&01
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FA82FF0&0&02
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter #2
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&FA82FF0&0&02
    Service: vwifimp
    .
    ==== System Restore Points ===================
    .
    RP118: 1/15/2013 9:53:02 PM - Scheduled Checkpoint
    RP119: 1/17/2013 10:06:20 AM - Installed Java 7 Update 11
    RP120: 1/25/2013 2:54:05 PM - Restore Point 1
    RP121: 1/27/2013 10:56:00 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    ??????? Windows Live Mesh ActiveX ??(????)
    ??????? Windows Live Mesh ActiveX ???
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Lightroom 4.2 64-bit
    Adobe Reader X (10.1.4)
    Advanced System Optimizer
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS Bluetooth Suite
    ASUS FancyStart
    ASUS K3 Series ScreenSaver
    ASUS LifeFrame3
    ASUS Live Update
    ASUS Power4Gear Hybrid
    ASUS Virtual Camera
    ATK Package
    Bonjour
    Canon iP4200
    Complemento Messenger
    Complément Messenger
    Contrôle ActiveX Windows Live Mesh pour connexions à distance
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Controlo ActiveX do Windows Live Mesh para Ligações Remotas
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Eraser 6.0.8.2273
    ETDWare PS/2-X64 8.0.5.0_WHQL
    Fast Boot
    Firestorm-Release (remove only)
    Galeria de Fotografias do Windows Live
    Galerie de photos Windows Live
    Galería fotográfica de Windows Live
    Google Chrome
    Google Update Helper
    Intel PROSet Wireless
    Intel(R) Control Center
    Intel(R) Processor Graphics
    Intel(R) PROSet/Wireless WiFi Software
    Intel(R) Turbo Boost Technology Monitor
    iTunes
    Java 7 Update 11
    Java Auto Updater
    Java(TM) 6 Update 35
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.70.0.1100
    Mesh Runtime
    Messenger ????
    Messenger ?????
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Motorola Device Manager
    Motorola Device Software Update
    Motorola Mobile Drivers Installation 5.9.0
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    My Lockbox 2.6
    Norton Internet Security
    NVIDIA Control Panel 306.97
    NVIDIA Graphics Driver 306.97
    NVIDIA Install Application
    NVIDIA Optimus 1.10.8
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    OverDrive Media Console
    QuickTime
    Random Password Generator
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Reader Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    SugarSync
    SUPERAntiSpyware
    TeamViewer 8
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Player Firefox Plugin
    WinFlash
    Wireless Console 3
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/27/2013 9:18:31 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    1/27/2013 9:03:43 AM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/27/2013 9:03:43 AM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
    1/26/2013 11:29:52 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    .
    ==== End Of File ===========================


    ark.txt
    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-27 23:51:45
    Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
    Running: qtdp7pn8.exe; Driver: C:\Users\Kevin\AppData\Local\Temp\pgloqpod.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010028091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100280048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002802ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002804b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002809fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100280ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010028012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100280758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100280676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002803d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100280594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010028083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010028020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100280f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100290210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100290048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d0a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100280ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002903d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010029012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002902f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe[1488] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002904bc
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010028091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100280048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002802ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002804b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002809fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100280ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010028012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100280758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100280676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002803d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100280594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010028083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010028020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100280f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100290210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100290048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d0a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100280ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002903d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010029012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002902f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe[1584] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 00000001000a091c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 00000001000a0048
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001000a02ee
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001000a04b2
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001000a09fe
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 00000001000a0ae0
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 00000001000a012a
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 00000001000a0758
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 00000001000a0676
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001000a03d0
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 00000001000a0594
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 00000001000a083a
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 00000001000a020c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001000b059e
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 00000001000a0f52
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 00000001000b0210
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 00000001000b0048
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89b2a9d1}
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 00000001000a0ca6
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001000b03d8
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 00000001000b012c
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001000b02f4
    .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 00000001000a0e6e
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010029012a
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100290758
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100290676
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002903d0
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100290594
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010029083a
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010029020c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100290f52
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 00000001002a0210
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 00000001002a0048
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d1a9d1}
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100290ca6
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002a03d8
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 00000001002a012c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002a02f4
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100290e6e
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002a059e
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes [3B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[1136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010027091c
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100270048
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002702ee
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002704b2
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002709fe
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100270ae0
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010027012a
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100270758
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100270676
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002703d0
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100270594
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010027083a
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010027020c
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002804bc
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100270f52
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100280210
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100280048
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89cfa9d1}
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100270ca6
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002803d8
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010028012c
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002802f4
    .text C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe[2148] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100270e6e
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes [3B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2920] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010021091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100210048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002102ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002104b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002109fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100210ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010021012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100210758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100210676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002103d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100210594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010021083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010021020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 000000010022059e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100210f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100220210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100220048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89c9a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100210ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002203d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010022012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002202f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[2956] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100210e6e
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010039091c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100390048
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001003902ee
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001003904b2
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001003909fe
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100390ae0
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010039012a
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100390758
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100390676
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001003903d0
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100390594
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010039083a
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010039020c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100390f52
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 00000001003a0210
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 00000001003a0048
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89e1a9d1}
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100390ca6
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001003a03d8
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 00000001003a012c
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001003a02f4
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100390e6e
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001003a0762
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes [3B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes [3B, 76]
    .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[3024] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010003004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010029012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100290758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100290676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002903d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100290594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010029083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010029020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002a04bc
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100290f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 00000001002a0210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 00000001002a0048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d1a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100290ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002a03d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 00000001002a012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002a02f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[3376] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100290e6e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010021091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100210048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002102ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002104b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002109fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100210ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010021012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100210758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100210676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002103d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100210594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010021083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010021020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002204bc
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100210f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100220210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100220048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89c9a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100210ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002203d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010022012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002202f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[4052] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100210e6e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010028091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100280048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002802ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002804b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002809fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100280ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010028012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100280758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100280676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002803d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100280594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010028083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010028020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 000000010029059e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100280f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100290210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100290048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d0a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100280ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002903d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010029012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002902f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[4068] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100280e6e
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 0000000100c4091c
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100c40048
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 0000000100c402ee
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 0000000100c404b2
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 0000000100c409fe
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100c40ae0
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 0000000100c4012a
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100c40758
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100c40676
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 0000000100c403d0
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100c40594
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 0000000100c4083a
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 0000000100c4020c
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100c40f52
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100c50210
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100c50048
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff8a6ca9d1}
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100c40ca6
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 0000000100c503d8
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 0000000100c5012c
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 0000000100c502f4
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100c40e6e
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 0000000100c50762
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000763b1401 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000763b1419 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000763b1431 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000763b144a 2 bytes [3B, 76]
    .text ... * 9
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000763b14dd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000763b14f5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000763b150d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000763b1525 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000763b153d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000763b1555 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000763b156d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000763b1585 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000763b159d 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000763b15b5 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000763b15cd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000763b16b2 2 bytes [3B, 76]
    .text C:\Program Files (x86)\SugarSync\SugarSync.exe[4880] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000763b16bd 2 bytes [3B, 76]
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010031091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100310048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001003102ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001003104b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001003109fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100310ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010031012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100310758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100310676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001003103d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100310594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010031083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010031020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001003204bc
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100310f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100320210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100320048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d9a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100310ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001003203d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010032012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001003202f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[4948] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100310e6e
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010030091c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100300048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001003002ee
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001003004b2
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001003009fe
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100300ae0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010030012a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100300758
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100300676
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001003003d0
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100300594
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010030083a
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010030020c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001003104bc
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100300f52
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100310210
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100310048
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d8a9d1}
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100300ca6
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001003103d8
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010031012c
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001003102f4
    .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[5108] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100300e6e
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 00000001002d091c
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 00000001002d0048
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002d02ee
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002d04b2
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002d09fe
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 00000001002d0ae0
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 00000001002d012a
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 00000001002d0758
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 00000001002d0676
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001002d03d0
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 00000001002d0594
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 00000001002d083a
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 00000001002d020c
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001002e059e
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 00000001002d0f52
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 00000001002e0210
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 00000001002e0048
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89d5a9d1}
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 00000001002d0ca6
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001002e03d8
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 00000001002e012c
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001002e02f4
    .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[5116] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 00000001002d0e6e
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010014091c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100140048
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001001402ee
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001001404b2
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001001409fe
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100140ae0
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007747077c 5 bytes JMP 000000010014012a
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007747086c 5 bytes JMP 0000000100140758
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077470884 5 bytes JMP 0000000100140676
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077470dd4 5 bytes JMP 00000001001403d0
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077471900 5 bytes JMP 0000000100140594
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077471bc4 5 bytes JMP 000000010014083a
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077471d50 5 bytes JMP 000000010014020c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 000000007658524f 7 bytes JMP 0000000100140f52
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 00000000765853d0 7 bytes JMP 0000000100150210
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076585677 1 byte JMP 0000000100150048
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076585679 5 bytes {JMP 0xffffffff89bca9d1}
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 000000007658589a 7 bytes JMP 0000000100140ca6
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076585a1d 7 bytes JMP 00000001001503d8
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076585c9b 7 bytes JMP 000000010015012c
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076585d87 7 bytes JMP 00000001001502f4
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076587240 7 bytes JMP 0000000100140e6e
    .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[4264] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000076431492 7 bytes JMP 00000001001504bc
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007746fc90 5 bytes JMP 000000010029091c
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007746fdf4 5 bytes JMP 0000000100290048
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007746fe88 5 bytes JMP 00000001002902ee
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007746ffe4 5 bytes JMP 00000001002904b2
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077470018 5 bytes JMP 00000001002909fe
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077470048 5 bytes JMP 0000000100290ae0
    .text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077470064 5 bytes JMP 000000010002004c

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [1488:1540] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [1584:1596] 0000000000020060
    Thread C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [1864:1872] 0000000000020060
    Thread C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [1136:1496] 0000000000030060
    Thread C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2148:2176] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe [2956:2964] 0000000000020060
    Thread C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe [3024:3404] 0000000000030060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe [3376:3672] 0000000000030060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [3488:3724] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [3488:3740] 00000000706d786a
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [4052:4060] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe [4068:4080] 0000000000020060
    Thread C:\Program Files (x86)\SugarSync\SugarSync.exe [4880:4936] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [4948:3848] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [5108:4116] 0000000000020060
    Thread C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [5116:816] 0000000000020060
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4264:428] 0000000000020060
    Thread C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [4108:3936] 0000000000020060
    Thread C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [4260:3768] 0000000000020060
    Thread C:\Windows\AsScrPro.exe [3444:1072] 0000000000020060
    Thread C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2864:4864] 0000000000020060
    Thread C:\Users\Kevin\Desktop\qtdp7pn8.exe [5612:5640] 0000000000020060

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272b3eec6
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002243d7288d
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272b3eec6 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002243d7288d (not active ControlSet)

    ---- Files - GMER 2.0 ----

    File C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.2.1.22\BASH\1301270d.kc 4907186 bytes

    ---- EOF - GMER 2.0 ----
     
Short URL to this thread: https://techguy.org/1087186
