1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Sluggish System; Questionable Processes

Discussion in 'Virus & Other Malware Removal' started by DystopianDream, Dec 22, 2011.

Thread Status:
Not open for further replies.
  1. DystopianDream

    DystopianDream Thread Starter

    Joined:
    Dec 21, 2011
    Messages:
    1
    Hello--I'm so glad I found this forum. I will do my best to follow the guidelines to a T but I'm not the most savvy person, so please forgive me if I overlook something or don't explain it quite right.

    Issues: My computer has been running incredibly slowly lately; it is *painfully* slow at start up. I am also sharing internet with my neighbor on an unsecured network so I have some concerns about privacy. And because this is such a tiny system, I'd appreciate any advice about files/programs I could delete to regain some space.

    Thanks a lot.

    Here come the logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:35:32 PM, on 12/21/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Monkey\My Documents\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.Yahoo.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.msn.iplay.com/?o=shp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [IDTSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [AESTFltr] "C:\WINDOWS\system32\AESTFltr.exe" /NoDlg
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV.exe

    --
    End of file - 7763 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
    Run by Monkey at 21:02:54 on 2011-12-21
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.352 [GMT -6:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IDT\WDM\STacSV.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Alwil Software\Avast5\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\program files\real\realplayer\update\realsched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Monkey\My Documents\Downloads\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://start.msn.iplay.com/?o=shp
    uDefault_Page_URL = hxxp://www.Yahoo.com
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IDTSysTrayApp] sttray.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [AESTFltr] "c:\windows\system32\AESTFltr.exe" /NoDlg
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\monkey\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    Trusted Zone: netflix.com\www
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{166B7AEA-969C-417E-9D8E-3BD526B44FEC} : DhcpNameServer = 192.168.2.1
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\monkey\application data\mozilla\firefox\profiles\udxbkymn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - gmail.com
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-1 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-18 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-18 20568]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-11 44768]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2008-10-5 112128]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-12-11 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    .
    =============== Created Last 30 ================
    .
    2012-01-01 23:15:46 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    .
    ==================== Find3M ====================
    .
    2011-12-29 21:26:50 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-28 18:01:25 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-23 13:25:32 1859584 ------w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ------w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ------w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ------w- c:\windows\system32\ntkrnlpa.exe
    2011-10-18 11:13:22 186880 ------w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-03 07:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-26 16:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 16:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 16:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    .
    ============= FINISH: 21:12:07.98 ===============
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-21 22:55:32
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SanDisk_pSSD_16GB rev.SSD_4.46
    Running: bzimwpie.exe; Driver: C:\DOCUME~1\Monkey\LOCALS~1\Temp\pwtdipow.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xAA30EFC4]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xAA373510]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xAA3326A9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xAA311456]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xAA3114AE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xAA3115C4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xAA33205D]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xAA3113AC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xAA3114FE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xAA311400]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xAA311572]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xAA30EFE8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xAA332D6F]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xAA333025]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xAA311848]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xAA332BDA]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xAA332A45]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xAA3735C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xAA30EDB2]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xAA30F00C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xAA3119BC]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xAA30FAA4]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xAA311486]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xAA3114D6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xAA3115EE]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xAA3323B9]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xAA3113D8]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xAA311680]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xAA31153E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xAA31142E]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xAA311764]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xAA31159C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xAA373658]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xAA3328C0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xAA30F96A]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xAA332712]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xAA37B9E6]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xAA3316D0]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xAA30F030]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xAA30F054]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xAA30EE0C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xAA30EF48]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xAA332E76]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xAA30EF24]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xAA30EF6C]
    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xAA30F078]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xAA3877A2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2CD8 80504574 4 Bytes CALL D0FA7668
    .text ntkrnlpa.exe!ZwCallbackReturn + 2F31 805047CD 7 Bytes [F0, 30, AA, 54, F0, 30, AA] {LOCK XOR [EDX-0x55cf0fac], CH}
    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64A8 4 Bytes CALL AA31000F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC556 5 Bytes JMP AA38469C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ObInsertObject 805C2FDA 5 Bytes JMP AA38615C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D117A 7 Bytes JMP AA3877A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
    .text win32k.sys!EngSetLastError + 79A8 BF8242D4 5 Bytes JMP AA311B9A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85198B 5 Bytes JMP AA311AD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E514 5 Bytes JMP AA311DE6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E59F 5 Bytes JMP AA311FBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreatePalette + 88 BF85F812 5 Bytes JMP AA311ABE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngGetCurrentCodePage + 4128 BF873F30 5 Bytes JMP AA311F76 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCopyBits + 4DEC BF89DBA0 5 Bytes JMP AA311C0A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngEraseSurface + A9F7 BF8C2130 5 Bytes JMP AA311CA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1517 BF8CA592 5 Bytes JMP AA311D14 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngFillPath + 1797 BF8CA812 5 Bytes JMP AA311D4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC297 5 Bytes JMP AA3119F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 19DF BF91348A 5 Bytes JMP AA311B56 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 25B3 BF91405E 5 Bytes JMP AA311C6E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    .text win32k.sys!EngCreateClip + 4F2C BF9169D7 5 Bytes JMP AA3120D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
    ? C:\DOCUME~1\Monkey\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\avastUI.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe[384] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\hkcmd.exe[420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\hkcmd.exe[420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\hkcmd.exe[420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\hkcmd.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\hkcmd.exe[420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\hkcmd.exe[420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\hkcmd.exe[420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\hkcmd.exe[420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003B1014
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003B0804
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003B0A08
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003B0C0C
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003B0E10
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003B01F8
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\hkcmd.exe[420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003B0600
    .text C:\WINDOWS\system32\spoolsv.exe[656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\spoolsv.exe[656] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\spoolsv.exe[656] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\spoolsv.exe[656] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\spoolsv.exe[656] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\spoolsv.exe[656] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\spoolsv.exe[656] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\spoolsv.exe[656] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\spoolsv.exe[656] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\smss.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Java\jre6\bin\jqs.exe[760] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\csrss.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\csrss.exe[812] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003B0804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003B0A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003B0600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003B01F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[816] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003B03FC
    .text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
    .text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
    .text C:\WINDOWS\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\services.exe[880] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[880] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\services.exe[880] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\services.exe[880] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\services.exe[880] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\services.exe[880] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\services.exe[880] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\services.exe[880] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\services.exe[880] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[892] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\lsass.exe[892] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\lsass.exe[892] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\lsass.exe[892] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Google\Update\GoogleUpdate.exe[1116] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1124] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003F1014
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003F0804
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003F0A08
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003F0C0C
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003F0E10
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003F01F8
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003F03FC
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003F0600
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00AA0804
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00AA0A08
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00AA0600
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 00AA01F8
    .text C:\Documents and Settings\Monkey\My Documents\Downloads\bzimwpie.exe[1128] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 00AA03FC
    .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxsrvc.exe[1168] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\svchost.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\svchost.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[1224] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[1300] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\system32\igfxpers.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\igfxpers.exe[1368] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\igfxpers.exe[1368] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\igfxpers.exe[1368] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\igfxpers.exe[1368] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\igfxpers.exe[1368] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\igfxpers.exe[1368] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1388] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1388] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1420] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1420] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\IDT\WDM\STacSV.exe[1480] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
    .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\sttray.exe[1688] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\WINDOWS\sttray.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\sttray.exe[1688] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\WINDOWS\sttray.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\sttray.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\sttray.exe[1688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\sttray.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\sttray.exe[1688] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\sttray.exe[1688] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\sttray.exe[1688] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Bonjour\mDNSResponder.exe[1708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\ctfmon.exe[1732] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\ctfmon.exe[1732] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\ctfmon.exe[1732] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\ctfmon.exe[1732] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\ctfmon.exe[1732] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\ctfmon.exe[1732] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1800] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[1800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[1800] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[1800] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1840] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1860] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\Explorer.EXE[1860] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\Explorer.EXE[1860] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\Explorer.EXE[1860] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\WINDOWS\system32\AESTFltr.exe[2036] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\svchost.exe[2076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\svchost.exe[2076] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\svchost.exe[2076] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe[2348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 030C1014
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 030C0804
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 030C0A08
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 030C0C0C
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 030C0E10
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 030C01F8
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 030C03FC
    .text C:\Program Files\Mozilla Firefox\firefox.exe[2488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 030C0600
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\Program Files\Stardock\ObjectDock\ObjectDock.exe[2536] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
    .text C:\WINDOWS\system32\NOTEPAD.EXE[2788] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 003A1014
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 003A0804
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 003A0A08
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 003A0C0C
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 003A0E10
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A01F8
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A03FC
    .text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3028] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 003A0600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00711014
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00710804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00710A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00710C0C
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00710E10
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 007101F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 007103FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00710600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00720804
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106ACCFA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106ACC8C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E78C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00720A08
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00720600
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 007201F8
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 007203FC
    .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3216] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045ED49 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3324] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\system32\wbem\wmiprvse.exe[3460] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
    .text C:\WINDOWS\System32\alg.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
    .text C:\WINDOWS\System32\alg.exe[3608] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\WINDOWS\System32\alg.exe[3608] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002B0804
    .text C:\WINDOWS\System32\alg.exe[3608] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002B0A08
    .text C:\WINDOWS\System32\alg.exe[3608] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002B0600
    .text C:\WINDOWS\System32\alg.exe[3608] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002B01F8
    .text C:\WINDOWS\System32\alg.exe[3608] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002B03FC
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002C1014
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002C0804
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002C0A08
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002C0C0C
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002C0E10
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002C01F8
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002C03FC
    .text C:\WINDOWS\System32\alg.exe[3608] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002C0600
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
    .text C:\program files\real\realplayer\update\realsched.exe[3992] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
    .text C:\program files\real\realplayer\update\realsched.exe[3992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
    .text C:\program files\real\realplayer\update\realsched.exe[3992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
    .text C:\program files\real\realplayer\update\realsched.exe[3992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
    .text C:\program files\real\realplayer\update\realsched.exe[3992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
    .text C:\program files\real\realplayer\update\realsched.exe[3992] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
    .text C:\program files\real\realplayer\update\realsched.exe[3992] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
    .text C:\program files\real\realplayer\update\realsched.exe[3992] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005F0002
    IAT C:\WINDOWS\system32\services.exe[880] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005F0000

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
     

    Attached Files:

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1032383

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice