764D9F3A 5 Bytes JMP 00CA01F8
.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 00CA03FC
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1320] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1320] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1360] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00190804
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\svchost.exe[1360] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001903FC
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00260600
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00260804
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00260A08
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 002601F8
.text C:\Windows\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 002603FC
.text C:\Windows\system32\rundll32.exe[1400] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000601F8
.text C:\Windows\system32\rundll32.exe[1400] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000603FC
.text C:\Windows\system32\rundll32.exe[1400] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00070600
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\rundll32.exe[1400] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00080600
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\rundll32.exe[1400] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000801F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!SetUnhandledExceptionFilter 76C1A8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1996] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1996] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1996] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 001A0600
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 001A0804
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 001A0A08
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001A01F8
.text C:\Windows\System32\spoolsv.exe[1996] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001A03FC
.text C:\Windows\system32\taskeng.exe[2028] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2028] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2028] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2028] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2028] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2044] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2044] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2044] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[2044] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\taskeng.exe[2144] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2144] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2144] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00170600
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\taskeng.exe[2144] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00180600
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00180804
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[2144] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2220] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2436] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2436] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2436] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2492] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2492] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2492] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[2556] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[2556] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\SearchIndexer.exe[2576] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2576] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[2576] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[2576] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[2652] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[2652] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[2652] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[2652] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[2652] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe[2888] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001701F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 001501F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 001503FC
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 001903FC
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00190600
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00191014
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00190804
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00190A08
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00190C0C
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00190E10
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 001901F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 001A0600
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 001A0804
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 001A0A08
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 001A01F8
.text C:\Users\liz.paul-PC\Desktop\48spklmg.exe[3284] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 001A03FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3700] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ntdll.dll!LdrLoadDll 77B59378 5 Bytes JMP 000501F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ntdll.dll!LdrUnloadDll 77B6B680 5 Bytes JMP 000503FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] kernel32.dll!GetBinaryTypeW + 70 76C42467 1 Byte [62]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!CreateServiceW 769E9EB4 5 Bytes JMP 000703FC
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!DeleteService 769EA07E 5 Bytes JMP 00070600
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 76A26CD9 5 Bytes JMP 00071014
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 76A26DD9 5 Bytes JMP 00070804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 76A26F81 5 Bytes JMP 00070A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 76A27099 5 Bytes JMP 00070C0C
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 76A271E1 5 Bytes JMP 00070E10
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] ADVAPI32.dll!CreateServiceA 76A272A1 5 Bytes JMP 000701F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWindowsHookExA 764D6322 5 Bytes JMP 00080600
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWindowsHookExW 764D87AD 5 Bytes JMP 00080804
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!UnhookWindowsHookEx 764D98DB 5 Bytes JMP 00080A08
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!SetWinEventHook 764D9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[3724] USER32.dll!UnhookWinEvent 764DC06F 5 Bytes JMP 000803FC
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00B70002
IAT C:\Windows\system32\services.exe[624] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00B70000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----