
[RESOLVED] Laptop shuts down


33 replies to this topic

#1 Bent Club

    Member

  • 701 posts
  • Joined: January 19, 2011
  • 74 topics
  • Age: 63
  • Skin: IP.Board
  • Local time: 04:13 PM
  • Zodiac:Scorpio
  • Gender:Male
  • Location:NJ
  • Interests:Golf , Boating .
  • OS:Windows XP
  • Country:
Offline
  • Time Online: 2d 40m 28s

Posted 08 May 2011 - 12:10 AM

Quote from girl

I put the computer in safe mode and did the combofix. Now everything I try to open gives me a message saying illegal operation attempted on a registry key that has been marked for deletion.

#2 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 08 May 2011 - 12:35 AM

Had her reboot. OK now. She disabled avast for in minutes. Here is the combo log.
ComboFix 11-05-04.04 - Jen 05/05/2011 9:17.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.268 [GMT -4:00]
Running from: c:\users\Jen\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
.
c:\windows\system32\userinit.exe . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 02:34 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-05 02:34 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-05 02:34 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-05 02:34 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-05 02:34 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-05 02:34 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-05 02:33 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 02:33 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-05 02:33 . 2011-05-05 02:33 -------- d-----w- c:\programdata\AVAST Software
2011-05-05 02:33 . 2011-05-05 02:33 -------- d-----w- c:\program files\AVAST Software
2011-05-05 02:32 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-05 00:23 . 2011-05-05 00:23 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes
2011-05-05 00:23 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 00:22 . 2011-05-05 00:22 -------- d-----w- c:\programdata\Malwarebytes
2011-05-05 00:22 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 00:22 . 2011-05-05 00:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 00:13 . 2011-05-05 00:13 -------- d-----w- c:\program files\Zone Labs
2011-05-05 00:12 . 2011-05-05 00:12 -------- d-----w- c:\programdata\CheckPoint
2011-05-05 00:12 . 2011-05-05 00:13 -------- d-----w- c:\windows\Internet Logs
2011-05-05 00:11 . 2011-05-05 00:11 388096 ----a-r- c:\users\Jen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-05 00:11 . 2011-05-05 00:11 -------- d-----w- c:\program files\Trend Micro
2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\users\Jen\AppData\Roaming\InstallShield
2011-05-02 18:40 . 2011-05-02 18:40 -------- d-----w- c:\users\Jen\AppData\Roaming\WinBatch
2011-04-19 02:59 . 2011-04-19 02:59 -------- d-----w- C:\perflogs
2011-04-16 18:51 . 2011-04-14 20:30 6792528 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE7E2A6C-E354-42AD-81E8-CF7CCB63C1DF}\mpengine.dll
2011-04-16 18:51 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 22:04 . 2011-02-22 06:16 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2011-04-09 01:51 . 2011-04-09 01:51 -------- d-----w- c:\users\Jen\AppData\Roaming\WildTangent
2011-04-09 00:57 . 2011-04-09 01:54 -------- d-----w- c:\users\Jen\AppData\Local\Microsoft Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 01:12 . 2011-03-17 01:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-03-17 01:12 . 2011-03-17 01:12 3 --sh--r- c:\windows\system32\drivers\taishop.sys
2011-02-22 14:13 . 2011-03-23 01:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 01:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 01:47 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-18 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-19 1862144]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 135664]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 02:37]
.
2011-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 02:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-05-05 09:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-05 13:52
.
Pre-Run: 194,025,132,032 bytes free
Post-Run: 193,637,535,744 bytes free
.
- - End Of File - - E7071BEAFA25B99C6ACE2F023B05E748

#3 Broni Re: [RESOLVED] Laptop shuts down

    Malware Annihilator

  • 24,880 posts
  • Joined: October 04, 2004
  • 1,860 topics
  • Age: 57
  • Skin: IPBoard wide
  • Local time: 01:13 PM
  • Zodiac:Virgo
  • Gender:Male
  • Location:Daly City, CA
  • OS:Windows Vista
  • Country:
Offline
  • Time Online: 57d 9h 13m 9s

Posted 08 May 2011 - 01:01 AM

You need to restart computer to fix that issue.
The computer is surely infected.

You shouldn't be starting with Combofix.

Start with completing steps from here: http://www.smartestc...ease-read-this/

#4 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 08 May 2011 - 01:04 AM

I sent her that, Broni. Combo is what I got back, and avast was disabled for 10 minutes.
Just told her to start over.

#5 Broni Re: [RESOLVED] Laptop shuts down

Posted 08 May 2011 - 01:05 AM

OK :)

#6 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 09 May 2011 - 11:30 AM

The two times her computer shut down was on her e-mail acct after approx 15 minutes. I just got back three I sent her the other day as undeliverable.
Could be where the confusion is.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6534
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
09/05/2011 1:02:24 AM
mbam-log-2011-05-09 (01-02-24).txt
Scan type: Full scan (C:\|)
Objects scanned: 258824
Time elapsed: 1 hour(s), 9 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected).

MB doesn't seem to be picking anything up.

#7 Broni Re: [RESOLVED] Laptop shuts down

Posted 09 May 2011 - 11:48 PM

Go on with other logs....

#8 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 10 May 2011 - 12:13 AM

As we speak.

#9 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 12:23 AM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by at 19:23:56.62 on 10/05/2011
Internet Explorer: 8.0.6001.19048
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.180 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Toshiba\IVP\swupdate\swupdtmr.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\java.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Utilities\KeNotify.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Common Files\microsoft shared\virtualization handler\VirtualSearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PR4U4QNB\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [HWSetup] \HWSetup.exe hwSetUP
mRun: [SVPWUTIL] c:\program files\toshiba\utilities\SVPWUTIL.exe SVPwUTIL
mRun: [KeNotify] c:\program files\toshiba\utilities\KeNotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [LELA] "c:\program files\linksys\linksys easylink advisor\Linksys EasyLink Advisor.exe" /minimized
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp3.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\GoogleDesktopNetwork3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-4 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-4 307288]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2011-3-17 20352]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-4 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-4 53592]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-4 42184]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-17 135664]
.
=============== Created Last 30 ================
.
2011-05-10 20:42:20 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{9f0a835d-2e38-4162-960b-d9e27b1e9352}\mpengine.dll
2011-05-10 03:20:08 -------- d-----w- C:\gmer
2011-05-10 02:11:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 02:10:55 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 23:52:42 -------- d-----w- c:\users\jen\appdata\local\temp
2011-05-07 23:47:54 -------- d-sh--w- C:\$RECYCLE.BIN
2011-05-07 23:07:39 -------- d-----w- c:\windows\pss
2011-05-07 18:49:22 -------- d-----w- c:\program files\Lavalys
2011-05-06 20:55:08 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-06 20:55:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-06 00:44:53 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2011-05-06 00:44:35 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2011-05-06 00:44:24 -------- d-----w- c:\program files\common files\Pure Networks Shared
2011-05-06 00:44:07 -------- d-----w- c:\progra~2\Pure Networks
2011-05-05 13:13:18 89088 ----a-w- c:\windows\MBR.exe
2011-05-05 13:13:17 98816 ----a-w- c:\windows\sed.exe
2011-05-05 13:13:17 256512 ----a-w- c:\windows\PEV.exe
2011-05-05 13:13:17 161792 ----a-w- c:\windows\SWREG.exe
2011-05-05 02:34:38 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-05 02:34:34 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-05 02:33:54 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 02:33:27 -------- d-----w- c:\program files\AVAST Software
2011-05-05 02:33:27 -------- d-----w- c:\progra~2\AVAST Software
2011-05-05 02:32:57 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-05 00:23:10 -------- d-----w- c:\users\jen\appdata\roaming\Malwarebytes
2011-05-05 00:22:59 -------- d-----w- c:\progra~2\Malwarebytes
2011-05-05 00:22:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 00:13:15 -------- d-----w- c:\program files\Zone Labs
2011-05-05 00:12:46 -------- d-----w- c:\progra~2\CheckPoint
2011-05-05 00:12:45 -------- d-----w- c:\windows\Internet Logs
2011-05-05 00:11:40 388096 ----a-r- c:\users\jen\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-05-05 00:11:40 -------- d-----w- c:\program files\Trend Micro
2011-05-02 18:40:20 -------- d-----w- c:\users\jen\appdata\roaming\WinBatch
2011-04-19 02:59:09 -------- d-----w- C:\perflogs
2011-04-16 18:52:10 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2011-04-16 18:51:43 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 22:04:59 743424 ----a-w- c:\program files\internet explorer\iedvtool.dll
.
==================== Find3M ====================
.
2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 06:21:28 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 06:17:08 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 06:16:53 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 06:16:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-02-22 06:16:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-02-22 05:20:39 385024 ----a-w- c:\windows\system32\html.iec
2011-02-22 04:43:54 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-02-22 04:42:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-02-17 06:23:50 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-02-16 14:02:23 292864 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 19:25:42.94 ===============

#10 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 12:24 AM

DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/03/2011 11:23:26 PM
System Uptime: 10/05/2011 4:49:35 PM (3 hours ago)
.
Motherboard: TOSHIBA | | ISKAA
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz | U2E1 | 1733/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 231 GiB total, 203.626 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP132: 06/05/2011 12:21:54 AM - Scheduled Checkpoint
RP133: 06/05/2011 4:46:46 PM - Windows Update
RP134: 06/05/2011 4:59:25 PM - Windows Update
RP135: 06/05/2011 8:00:38 PM - Windows Update
RP136: 07/05/2011 11:06:55 PM - Scheduled Checkpoint
RP137: 09/05/2011 2:41:04 AM - Scheduled Checkpoint
RP138: 09/05/2011 5:30:35 PM - Scheduled Checkpoint
RP139: 10/05/2011 4:40:29 PM - Windows Update
.
==== Installed Programs ======================
.
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
Adobe Shockwave Player 11.5
ALPS Touch Pad Driver
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
EVEREST Ultimate Edition v4.60
GearDrvs
Google Desktop
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 3
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Memeo AutoBackup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton 360
Picasa 2
Pure Networks Platform
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Windows Media Encoder (KB2447961)
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Flash Cards Support Utility
TOSHIBA Games
TOSHIBA Hardware Setup
Toshiba Registration
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Utility Common Driver
WebEx Support Manager for Internet Explorer
Windows Media Encoder 9 Series
.
==== Event Viewer Messages From Past Week ========
.
10/05/2011 4:51:29 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
10/05/2011 4:50:16 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:04 PM on 5/10/2011 was unexpected.
10/05/2011 4:34:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
07/05/2011 8:20:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07/05/2011 8:20:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi spldr Wanarpv6
07/05/2011 8:20:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 8:20:36 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 8:20:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07/05/2011 7:52:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07/05/2011 7:46:06 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC jswpslwf NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:11:35 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07/05/2011 7:10:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
07/05/2011 7:10:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
07/05/2011 7:10:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
06/05/2011 4:44:14 PM, Error: EventLog [6008] - The previous system shutdown at 4:42:01 PM on 5/6/2011 was unexpected.
06/05/2011 4:34:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
06/05/2011 11:23:54 PM, Error: EventLog [6008] - The previous system shutdown at 11:21:16 PM on 5/6/2011 was unexpected.
06/05/2011 10:23:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wscsvc service.
05/05/2011 8:48:42 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 001EEC32D37D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
04/05/2011 7:27:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
04/05/2011 10:24:27 PM, Error: Microsoft-Windows-Kernel-General [5] - {Registry Hive Recovered} Registry hive (file): '\??\C:\Users\Jen\AppData\Local\Microsoft\Windows\UsrClass.dat' was corrupted and it has been recovered. Some data might have been lost.
.
==== End Of File ===========================

#11 Bent Club Re: [RESOLVED] Laptop shuts down


Posted 11 May 2011 - 12:25 AM

MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: TOSHIBA
System Manufacturer: TOSHIBA
System Product Name: Satellite A205
Logical Drives Mask: 0x0001000c
Kernel Drivers (total 157):
0x82041000 \SystemRoot\system32\ntkrnlpa.exe
0x8200E000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x8060A000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80686000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80693000 \SystemRoot\system32\drivers\acpi.sys
0x806D9000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E2000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EA000 \SystemRoot\system32\drivers\pci.sys
0x80711000 \SystemRoot\system32\DRIVERS\LPCFilter.sys
0x8071B000 \SystemRoot\System32\drivers\partmgr.sys
0x8072A000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8072D000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80737000 \SystemRoot\system32\drivers\volmgr.sys
0x80746000 \SystemRoot\System32\drivers\volmgrx.sys
0x80790000 \SystemRoot\system32\drivers\intelide.sys
0x80797000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x807A5000 \SystemRoot\system32\DRIVERS\pcmcia.sys
0x807D2000 \SystemRoot\System32\drivers\mountmgr.sys
0x807E2000 \SystemRoot\system32\drivers\atapi.sys
0x805B5000 \SystemRoot\system32\drivers\ataport.SYS
0x807EA000 \SystemRoot\system32\drivers\msahci.sys
0x8260D000 \SystemRoot\system32\drivers\fltmgr.sys
0x8263F000 \SystemRoot\system32\drivers\fileinfo.sys
0x8264F000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82658000 \SystemRoot\System32\Drivers\ksecdd.sys
0x826C9000 \SystemRoot\system32\drivers\ndis.sys
0x827D4000 \SystemRoot\system32\drivers\msrpc.sys
0x82C02000 \SystemRoot\system32\drivers\NETIO.SYS
0x82C3D000 \SystemRoot\System32\drivers\tcpip.sys
0x82D27000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x82E02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x82F12000 \SystemRoot\system32\drivers\volsnap.sys
0x82F4B000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x82F50000 \SystemRoot\system32\DRIVERS\tos_sps32.sys
0x82F9B000 \SystemRoot\System32\Drivers\spldr.sys
0x82FA3000 \SystemRoot\System32\Drivers\mup.sys
0x82FB2000 \SystemRoot\System32\drivers\ecache.sys
0x82FD9000 \SystemRoot\system32\drivers\disk.sys
0x82D42000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x82FEA000 \SystemRoot\system32\drivers\crcdisk.sys
0x82D78000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x82D83000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x82D8C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x89E02000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8A439000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8A4D9000 \SystemRoot\System32\drivers\watchdog.sys
0x8A4E5000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A4F0000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A52E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A53D000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8A5CA000 \SystemRoot\system32\DRIVERS\Rtlh86.sys
0x8A609000 \SystemRoot\system32\DRIVERS\athr.sys
0x8A6F0000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8A700000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8A70E000 \SystemRoot\system32\drivers\tifm21.sys
0x8A75A000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x8A774000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8A778000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8A78B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8A796000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8A7C8000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8A7CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A7D5000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x8A7DA000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A7F3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0x82D9B000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8AA03000 \SystemRoot\system32\DRIVERS\storport.sys
0x8AA44000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8AA4F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8AA66000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8AA71000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8AA94000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8AAA3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8AAB7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8AACC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8AADC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8AADE000 \SystemRoot\system32\DRIVERS\ks.sys
0x8AB08000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8AB12000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8AB1F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8AB54000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8AC00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8AB65000 \SystemRoot\system32\drivers\portcls.sys
0x8AB92000 \SystemRoot\system32\drivers\drmk.sys
0x8AE0A000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8AF26000 \SystemRoot\system32\drivers\modem.sys
0x8AF33000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x8AFA3000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
0x8AFA4000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0x8AFA5000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8AFAE000 \SystemRoot\System32\Drivers\Null.SYS
0x8AFB5000 \SystemRoot\System32\Drivers\Beep.SYS
0x8AFBC000 \SystemRoot\System32\drivers\vga.sys
0x8AFC8000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFE9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AFF1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ADF5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ABB7000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AE00000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8ABC5000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8ABDB000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x8ABE5000 \SystemRoot\system32\DRIVERS\smb.sys
0x82DCA000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8B40A000 \SystemRoot\system32\drivers\afd.sys
0x8B452000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x8B457000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8B46D000 \SystemRoot\system32\DRIVERS\jswpslwf.sys
0x8B472000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8B480000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8B493000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8B4CF000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8B4D9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B4F0000 \SystemRoot\System32\Drivers\aswSP.SYS
0x8B539000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B546000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8B551000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x91AD0000 \SystemRoot\System32\win32k.sys
0x8B55B000 \SystemRoot\System32\drivers\Dxapi.sys
0x8B565000 \SystemRoot\system32\DRIVERS\monitor.sys
0x91CF0000 \SystemRoot\System32\TSDDD.dll
0x91D10000 \SystemRoot\System32\cdd.dll
0x8B574000 \SystemRoot\system32\drivers\luafv.sys
0x8B58F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8B5C7000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8B5CA000 \SystemRoot\system32\DRIVERS\Sftvollh.sys
0xA5C06000 \SystemRoot\system32\drivers\spsys.sys
0xA5CB6000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA5CC6000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA5CF0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA5CFA000 \SystemRoot\system32\DRIVERS\pnarp.sys
0xA5D04000 \SystemRoot\system32\DRIVERS\purendis.sys
0xA5D0E000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA5D21000 \SystemRoot\system32\drivers\HTTP.sys
0xA5D8E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA5DAB000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA5DC4000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA5DD9000 \SystemRoot\system32\drivers\mrxdav.sys
0x8B5D3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA6202000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA623B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA6253000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA627B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA62E2000 \SystemRoot\system32\drivers\peauth.sys
0xA63C0000 \SystemRoot\System32\Drivers\secdrv.SYS
0xAA400000 \SystemRoot\system32\DRIVERS\Sftfslh.sys
0xAA48C000 \SystemRoot\system32\DRIVERS\Sftplaylh.sys
0xAA4C2000 \SystemRoot\System32\drivers\tcpipreg.sys
0xAA4CE000 \SystemRoot\system32\DRIVERS\Sftredirlh.sys
0xAA4D7000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xAA4ED000 \??\C:\Users\Jen\AppData\Local\Temp\pftdypob.sys
0x77D20000 \Windows\System32\ntdll.dll
Processes (total 81):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
648 csrss.exe
692 C:\Windows\System32\wininit.exe
704 csrss.exe
736 C:\Windows\System32\services.exe
768 C:\Windows\System32\lsass.exe
776 C:\Windows\System32\lsm.exe
816 C:\Windows\System32\winlogon.exe
976 C:\Windows\System32\svchost.exe
1032 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
1076 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1192 C:\Windows\System32\svchost.exe
1240 C:\Windows\System32\svchost.exe
1280 C:\Windows\System32\svchost.exe
1360 C:\Windows\System32\audiodg.exe
1384 C:\Windows\System32\svchost.exe
1412 C:\Windows\System32\SLsvc.exe
1452 C:\Windows\System32\svchost.exe
1628 C:\Windows\System32\svchost.exe
1756 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
528 C:\Windows\System32\spoolsv.exe
620 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\agrsmsvc.exe
1828 C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
2068 C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
2204 C:\Toshiba\IVP\ISM\pinger.exe
2228 C:\Windows\System32\svchost.exe
2480 C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
2512 C:\Windows\System32\svchost.exe
2528 C:\Toshiba\IVP\swupdate\swupdtmr.exe
2552 C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
2564 C:\Windows\System32\java.exe
2600 C:\Windows\System32\TODDSrv.exe
2620 C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2652 C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
2760 C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
2816 C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
2832 C:\Windows\System32\svchost.exe
2860 C:\Windows\System32\SearchIndexer.exe
2988 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
3084 C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
3592 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3916 C:\Windows\System32\taskeng.exe
156 C:\Windows\System32\svchost.exe
2984 C:\Windows\System32\taskeng.exe
888 C:\Windows\System32\dwm.exe
3312 C:\Windows\explorer.exe
3580 C:\Windows\System32\wuauclt.exe
2924 C:\Windows\System32\hkcmd.exe
3924 C:\Windows\System32\igfxpers.exe
2576 C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3240 C:\Program Files\Toshiba\SmoothView\SmoothView.exe
3128 C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
2956 C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
4408 C:\Program Files\Toshiba\Utilities\KeNotify.exe
4436 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
4732 C:\Windows\System32\igfxsrvc.exe
4804 C:\Windows\RtHDVCpl.exe
4812 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4836 C:\Program Files\AVAST Software\Avast\AvastUI.exe
4868 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
4876 C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
4884 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4892 C:\Program Files\Windows Media Player\wmpnscfg.exe
5064 C:\Program Files\Synaptics\SynTP\SynToshiba.exe
5324 C:\Program Files\Windows Media Player\wmpnetwk.exe
5824 C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
5996 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3800 C:\Windows\System32\wercon.exe
5032 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
4864 C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
6076 C:\Program Files\Internet Explorer\iexplore.exe
4084 C:\Program Files\Internet Explorer\iexplore.exe
5112 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
4124 C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
3044 taskeng.exe
5196 C:\Program Files\Internet Explorer\iexplore.exe
4300 C:\Users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0PPII4G\MBRCheck[1].exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)
\\.\Q: --> error 5
PhysicalDrive0 Model Number: WDCWD2500BEVT-22A23T0, Rev: 01.01A01
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61

Done!

#12 Bent Club Re: [RESOLVED] Laptop shuts down


Posted 11 May 2011 - 12:26 AM

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-10 18:10:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 WDC_WD2500BEVT-22A23T0 rev.01.01A01
Running: gmer.exe; Driver: C:\Users\Jen\AppData\Local\Temp\pftdypob.sys

---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8AF46202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8AF487F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8AF48848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8AF4895E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8AF48746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8AF48898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8AF4879A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8AF4890C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8AF46226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8AF45FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8AF4624A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8AF48D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8AF46CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8AF48820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8AF48870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8AF48988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8AF48772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8AF488D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8AF487C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8AF48936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8AF46BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8AF4626E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8AF46292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8AF4604A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8AF46186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8AF46162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8AF461AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8AF462B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B50F762]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 820ED890 4 Bytes [02, 62, F4, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1D1 820ED954 8 Bytes [F0, 87, F4, 8A, 48, 88, F4, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 820ED960 4 Bytes [5E, 89, F4, 8A]
.text ntkrnlpa.exe!KeSetEvent + 1F5 820ED978 4 Bytes [46, 87, F4, 8A]
.text ntkrnlpa.exe!KeSetEvent + 215 820ED998 8 Bytes [98, 88, F4, 8A, 9A, 87, F4, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 822185C7 5 Bytes JMP 8B50B11E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 822714F3 5 Bytes JMP 8B50CBBC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 8227AE18 4 Bytes CALL 8AF4734B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 8227EA8C 4 Bytes CALL 8AF47361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 822D2DAE 7 Bytes JMP 8B50F766 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x82F51000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x82F9A000, 0x510, 0x40000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[156] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[156] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[156] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[156] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[528] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[528] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[528] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 000B0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 000B0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 000B0C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 000B0E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000B01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 000C0600
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 000C0804
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 000C0A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000C01F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe[2480] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[2512] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2512] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2512] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2512] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001401F8
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001403FC
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00160600
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00160804
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00160A08
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001601F8
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001603FC
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text c:\Toshiba\IVP\swupdate\swupdtmr.exe[2528] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00190600
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00191014
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00190804
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00190A08
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00190C0C
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00190E10
.text C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe[2552] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\java.exe[2564] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\java.exe[2564] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000A03FC
.text C:\Windows\system32\java.exe[2564] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\java.exe[2564] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\java.exe[2564] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00CC0600
.text C:\Windows\system32\java.exe[2564] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00CC0804
.text C:\Windows\system32\java.exe[2564] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00CC0A08
.text C:\Windows\system32\java.exe[2564] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 00CC01F8
.text C:\Windows\system32\java.exe[2564] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 00CC03FC
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001A03FC
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 001A0600
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 001A1014
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 001A0804
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 001A0A08
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 001A0C0C
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 001A0E10
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001A01F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 001B0600
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 001B0804
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 001B0A08
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001B01F8
.text C:\Program Files\Toshiba\Power Saver\TPwrMain.exe[2576] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001B03FC
.text C:\Windows\system32\TODDSrv.exe[2600] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\TODDSrv.exe[2600] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\TODDSrv.exe[2600] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[2600] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Windows\system32\TODDSrv.exe[2600] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\TODDSrv.exe[2600] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\TODDSrv.exe[2600] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\TODDSrv.exe[2600] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\TODDSrv.exe[2600] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001A03FC
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 001A0600
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 001A1014
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 001A0804
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 001A0A08
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 001A0C0C
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 001A0E10
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001A01F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 001B0600
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 001B0804
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 001B0A08
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001B01F8
.text C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe[2620] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001B03FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe[2652] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe[2760] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe[2816] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001601F8
.text C:\Windows\System32\svchost.exe[2832] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[2832] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[2832] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[2832] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[2860] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[2860] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[2860] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\SearchIndexer.exe[2860] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\SearchIndexer.exe[2860] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00190600
.text C:\Windows\system32\SearchIndexer.exe[2860] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00190804
.text C:\Windows\system32\SearchIndexer.exe[2860] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00190A08
.text C:\Windows\system32\SearchIndexer.exe[2860] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001901F8
.text C:\Windows\system32\SearchIndexer.exe[2860] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[2924] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[2924] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[2924] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[2924] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[2924] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[2924] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[2924] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[2924] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[2924] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 003D0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 003D0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!UnhookWindowsHookEx 763C98DB 3 Bytes JMP 003D0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!UnhookWindowsHookEx + 4 763C98DF 1 Byte [8A]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 003D01F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!UnhookWinEvent 763CC06F 3 Bytes JMP 003D03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] USER32.dll!UnhookWinEvent + 4 763CC073 1 Byte [8A]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 003E03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 003E0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 003E1014
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 003E0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 003E0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 003E0C0C
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 003E0E10
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2956] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 003E01F8
.text C:\Windows\system32\taskeng.exe[2984] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2984] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2984] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2984] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2984] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 000C0600
.text C:\Windows\system32\taskeng.exe[2984] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\taskeng.exe[2984] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[2984] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\taskeng.exe[2984] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000C03FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe[2988] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000901F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000903FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001103FC
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00110600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00111014
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00110804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00110A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00110C0C
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00110E10
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001101F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00120600
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00120804
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00120A08
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001201F8
.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[3084] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001203FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Toshiba\FlashCards\TCrdMain.exe[3128] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00270600
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00270804
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00270A08
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 002701F8
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 002703FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 002803FC
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00280600
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00281014
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00280804
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00280A08
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00280C0C
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00280E10
.text C:\Program Files\Toshiba\SmoothView\SmoothView.exe[3240] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 002801F8
.text C:\Windows\Explorer.EXE[3312] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3312] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3312] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3312] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3312] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3312] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3312] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3312] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3312] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[3580] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\wuauclt.exe[3580] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000603FC
.text C:\Windows\system32\wuauclt.exe[3580] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[3580] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00070600
.text C:\Windows\system32\wuauclt.exe[3580] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00070804
.text C:\Windows\system32\wuauclt.exe[3580] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00070A08
.text C:\Windows\system32\wuauclt.exe[3580] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[3580] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\wuauclt.exe[3580] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00090600
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3592] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\taskeng.exe[3916] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3916] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3916] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\taskeng.exe[3916] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\taskeng.exe[3916] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Windows\system32\taskeng.exe[3916] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Windows\system32\taskeng.exe[3916] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Windows\system32\taskeng.exe[3916] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Windows\system32\taskeng.exe[3916] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[3924] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[3924] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[3924] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[3924] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[3924] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\gmer\gmer.exe[4084] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Toshiba\Utilities\KeNotify.exe[4408] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[4436] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[4732] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\igfxsrvc.exe[4732] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\igfxsrvc.exe[4732] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[4732] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Windows\system32\igfxsrvc.exe[4732] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[4732] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[4732] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[4732] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[4732] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[4804] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Windows\RtHDVCpl.exe[4804] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Windows\RtHDVCpl.exe[4804] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Windows\RtHDVCpl.exe[4804] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Windows\RtHDVCpl.exe[4804] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00180600
.text C:\Windows\RtHDVCpl.exe[4804] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00180804
.text C:\Windows\RtHDVCpl.exe[4804] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00180A08
.text C:\Windows\RtHDVCpl.exe[4804] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001801F8
.text C:\Windows\RtHDVCpl.exe[4804] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4812] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4836] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00191014
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00190C0C
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00190E10
.text C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe[4868] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001901F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001401F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001403FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00160600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00160804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00171014
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00170C0C
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00170E10
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[4876] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[4884] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[4892] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[5064] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5324] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00200600
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00200804
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00200A08
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 002001F8
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 002003FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 003103FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00310600
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00311014
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00310804
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00310A08
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00310C0C
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00310E10
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[5824] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 003101F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ntdll.dll!LdrLoadDll 77D493A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ntdll.dll!LdrUnloadDll 77D5B740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] kernel32.dll!GetBinaryTypeW + 70 76642247 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] USER32.dll!SetWindowsHookExA 763C6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] USER32.dll!SetWindowsHookExW 763C87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] USER32.dll!UnhookWindowsHookEx 763C98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] USER32.dll!SetWinEventHook 763C9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] USER32.dll!UnhookWinEvent 763CC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!CreateServiceW 77039EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!DeleteService 7703A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!SetServiceObjectSecurity 77076CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!ChangeServiceConfigA 77076DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!ChangeServiceConfigW 77076F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!ChangeServiceConfig2A 77077099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!ChangeServiceConfig2W 770771E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5996] ADVAPI32.dll!CreateServiceA 770772A1 5 Bytes JMP 001801F8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 001C0002
IAT C:\Windows\system32\services.exe[736] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 001C0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 1.0.15 ----
File C:\## aswSnx private storage 0 bytes
File C:\## aswSnx private storage\r9 0 bytes
File C:\## aswSnx private storage\snx_rhive 262144 bytes
File C:\## aswSnx private storage\snx_rhive.LOG1 25600 bytes
File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
File C:\## aswSnx private storage\snx_rhive{b24cd13d-7714-11e0-ade8-001eec32d37d}.TM.blf 65536 bytes
File C:\## aswSnx private storage\snx_rhive{b24cd13d-7714-11e0-ade8-001eec32d37d}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\snx_rhive{b24cd13d-7714-11e0-ade8-001eec32d37d}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
File C:\## aswSnx private storage\webStorage 0 bytes
File C:\## aswSnx private storage\webStorage\attrib 0 bytes
File C:\## aswSnx private storage\webStorage\image 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\FIREFOX.EXE-95C3D2A3.pf 14642 bytes
File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\IEXPLORE.EXE-8F1B6CBC.pf 14548 bytes
File C:\## aswSnx private storage\webStorage\snx_fs.dat 612 bytes
---- EOF - GMER 1.0.15 ----

#13 Broni Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 01:01 AM

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

#14 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 01:37 AM

Will do. Thanks
Still no score in game.

#15 Broni Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 01:45 AM

OMG! I'm having a heart attack :)

#16 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 08:53 AM

ComboFix 11-05-09.04 - Jen 10/05/2011 22:30:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1014.275 [GMT -4:00]
Running from: c:\users\Jen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\D0PPII4G\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 02:41 . 2011-05-11 02:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 20:42 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F0A835D-2E38-4162-960B-D9E27B1E9352}\mpengine.dll
2011-05-10 03:20 . 2011-05-10 03:20 -------- d-----w- C:\gmer
2011-05-10 02:11 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 02:10 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-07 23:52 . 2011-05-11 02:41 -------- d-----w- c:\users\Jen\AppData\Local\temp
2011-05-07 18:49 . 2011-05-07 18:49 -------- d-----w- c:\program files\Lavalys
2011-05-06 20:55 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-05-06 20:55 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-06 00:44 . 2008-04-09 04:14 24888 ----a-w- c:\windows\system32\drivers\pnarp.sys
2011-05-06 00:44 . 2008-04-09 04:14 26424 ----a-w- c:\windows\system32\drivers\purendis.sys
2011-05-06 00:44 . 2011-05-06 00:44 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2011-05-06 00:44 . 2011-05-06 00:44 -------- d-----w- c:\programdata\Pure Networks
2011-05-05 02:34 . 2011-04-18 17:12 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-05 02:34 . 2011-04-18 17:17 307288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-05 02:34 . 2011-04-18 17:13 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-05 02:34 . 2011-04-18 17:16 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-05 02:34 . 2011-04-18 17:17 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-05 02:34 . 2011-04-18 17:13 53592 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-05 02:33 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 02:33 . 2011-04-18 17:25 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-05 02:33 . 2011-05-05 02:33 -------- d-----w- c:\programdata\AVAST Software
2011-05-05 02:33 . 2011-05-05 02:33 -------- d-----w- c:\program files\AVAST Software
2011-05-05 02:32 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-05-05 00:23 . 2011-05-05 00:23 -------- d-----w- c:\users\Jen\AppData\Roaming\Malwarebytes
2011-05-05 00:22 . 2011-05-05 00:22 -------- d-----w- c:\programdata\Malwarebytes
2011-05-05 00:22 . 2011-05-10 02:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 00:13 . 2011-05-05 00:13 -------- d-----w- c:\program files\Zone Labs
2011-05-05 00:12 . 2011-05-05 00:12 -------- d-----w- c:\programdata\CheckPoint
2011-05-05 00:12 . 2011-05-05 00:13 -------- d-----w- c:\windows\Internet Logs
2011-05-05 00:11 . 2011-05-05 00:11 388096 ----a-r- c:\users\Jen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-05 00:11 . 2011-05-05 00:11 -------- d-----w- c:\program files\Trend Micro
2011-05-04 23:11 . 2011-05-04 23:11 -------- d-----w- c:\users\Jen\AppData\Roaming\InstallShield
2011-05-02 18:40 . 2011-05-02 18:40 -------- d-----w- c:\users\Jen\AppData\Roaming\WinBatch
2011-04-19 02:59 . 2011-04-19 02:59 -------- d-----w- C:\perflogs
2011-04-16 18:51 . 2011-02-02 22:11 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-15 22:04 . 2011-02-22 06:16 743424 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-17 01:12 . 2011-03-17 01:12 13 --sh--r- c:\windows\system32\drivers\fbd.sys
2011-03-17 01:12 . 2011-03-17 01:12 3 --sh--r- c:\windows\system32\drivers\taishop.sys
2011-03-03 15:40 . 2011-05-06 20:55 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-06 20:55 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-06 20:55 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-06 20:55 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 01:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 01:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 01:47 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2008-01-30 430080]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-03-18 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HWSetup"="\HWSetup.exe hwSetUP" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-20 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-20 129560]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-06-16 448080]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-11 180224]
"NDSTray.exe"="NDSTray.exe" [BU]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-23 438272]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-07 34352]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-19 1862144]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-30 4911104]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-20 1451304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 135664]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [2007-10-30 937984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwf.sys [2007-09-01 20352]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-04-18 53592]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [2007-12-04 126976]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - pftdypob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 02:37]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-18 02:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 22:41
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
‚ÞgµM‚ÞhçO‚Þi [-561889119] 0x005C003A
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????d??l/?????;? ;?X ;?? ;??
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-05-10 22:45:59
ComboFix-quarantined-files.txt 2011-05-11 02:45
ComboFix2.txt 2011-05-07 23:52
ComboFix3.txt 2011-05-05 13:53
.
Pre-Run: 218,621,145,088 bytes free
Post-Run: 218,603,847,680 bytes free
.
- - End Of File - - F0070743E26188F0AB9BE476FEFFA1C7

#17 Broni Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 06:55 PM

Looks good now.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.


#18 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 09:40 PM

OTL Extras logfile created on: 11/05/2011 3:27:15 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 195.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS

Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6973643D-A6A2-4683-BD50-62E523FC93D0}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{BF168023-768B-46FC-A698-0C819FDC1CD0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07E8B2D3-A283-4EAA-8DBB-26260762B50D}" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{07FBD828-9EFE-4D3C-B317-4B249128CC02}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0DEB9B4E-AE9C-40BE-BF7D-D60F67082D9E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{14A82612-FA33-4B55-AC56-AA4E78379925}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1988ACB4-91DE-4B36-8CC7-F25232F96912}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{2DD48740-49C3-457D-8239-EA49A94367A0}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{2FF8E7E5-F453-48A2-86FE-20FE71297E39}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{30A7C433-6EAB-4B07-98F9-C05E4892E47D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{33386D39-F756-4DEC-B61A-DA06521947FE}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{4B1C9C62-8BE1-49B5-ADFD-B9AE2A6AE945}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{7557B26C-6A44-4EEF-9749-69EA73E832F9}" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"{80E11EA1-C68C-45FF-9B9D-F2C48BEEBF6D}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{8E61F056-F615-4E13-B69C-297C589CCEA2}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{9731C9BE-DFDD-413E-954B-15A6F40AD90E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{99AE3D04-23E4-469E-BBCF-28763E81D451}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A549FE1E-8AFA-49BA-9D29-C5E69B0E0034}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{B89AA8A6-226C-40CC-BD1B-DBB340D4B365}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D1DFFEEF-6F7B-488D-B03F-C30B74851F0E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D3D79E88-80EB-4A9C-A11F-8E39CE79D45B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9C1EED58-1790-45C4-ADBC-5D45FCA7292E}" = Pure Networks Platform
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}" = Atheros Wi-Fi Protected Setup Library
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"Google Desktop" = Google Desktop
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{03240EBA-04F2-4652-BC7F-B055902BDCD3}" = Memeo AutoBackup
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{7FE3214C-283E-40C6-A8D5-CB773110090C}" = Linksys EasyLink Advisor
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa2" = Picasa 2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"WildTangent toshiba Master Uninstall" = TOSHIBA Games
"Windows Media Encoder 9" = Windows Media Encoder 9 Series

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/05/2011 8:38:23 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

Error - 02/05/2011 8:38:59 PM | Computer Name = Jen-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/05/2011 8:42:05 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

Error - 02/05/2011 8:48:12 PM | Computer Name = Jen-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 02/05/2011 8:48:52 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

Error - 02/05/2011 9:22:13 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

Error - 02/05/2011 9:23:01 PM | Computer Name = Jen-PC | Source = WinMgmt | ID = 10
Description =

Error - 02/05/2011 9:32:03 PM | Computer Name = Jen-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.

Error - 02/05/2011 9:36:15 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

Error - 02/05/2011 9:42:07 PM | Computer Name = Jen-PC | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 29/03/2011 9:11:33 PM | Computer Name = Jen-PC | Source = DCOM | ID = 10010
Description =

Error - 29/03/2011 9:12:22 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 29/03/2011 9:32:33 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2011 8:14:52 PM | Computer Name = Jen-PC | Source = DCOM | ID = 10005
Description =

Error - 31/03/2011 8:14:52 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 31/03/2011 8:14:52 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2011 8:14:52 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 31/03/2011 8:14:52 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31/03/2011 8:18:20 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 31/03/2011 8:18:21 PM | Computer Name = Jen-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#19 Bent Club Re: [RESOLVED] Laptop shuts down

Posted 11 May 2011 - 09:41 PM

OTL logfile created on: 11/05/2011 3:27:14 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 195.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 41.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 202.38 Gb Free Space | 87.45% Space Free | Partition Type: NTFS

Computer Name: JEN-PC | User Name: Jen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/11 15:25:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Downloads\OTL.exe
PRC - [2011/05/06 23:36:45 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/04/18 19:54:37 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/04/18 13:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2008/05/01 07:38:00 | 000,131,072 | ---- | M] (Linksys LLC - A Division of Cisco Systems) -- C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
PRC - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/04/09 00:15:10 | 000,648,504 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/01/29 22:51:52 | 004,911,104 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/29 20:00:40 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2008/01/22 17:25:26 | 000,712,704 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/01/17 19:27:52 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2008/01/09 18:02:08 | 001,056,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2007/12/25 17:06:52 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/09/25 02:30:28 | 000,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2007/06/16 00:01:58 | 000,448,080 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\Toshiba\IVP\ISM\pinger.exe
PRC - [2007/01/25 22:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\Toshiba\IVP\ISM\Ivpsvmgr.exe
PRC - [2006/11/06 21:14:44 | 000,034,352 | ---- | M] () -- C:\Program Files\Toshiba\Utilities\KeNotify.exe
PRC - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/05/11 15:25:29 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jen\Downloads\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/18 13:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/04/18 05:30:43 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/04/09 00:15:12 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/21 19:54:46 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 19:27:34 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/12/25 17:07:14 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/30 03:35:40 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2007/10/23 20:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/09/28 20:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/09/24 21:38:00 | 000,181,784 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\Toshiba\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 16:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 20:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/24 01:10:54 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2008/07/29 05:05:04 | 000,919,552 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/09 00:14:02 | 000,024,888 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/09 00:14:00 | 000,026,424 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/01/21 18:42:24 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2007/08/31 20:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2007/04/30 17:42:14 | 000,081,408 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/01/24 18:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2006/11/28 19:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/09 01:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 01:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/10/18 15:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/04 22:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 22:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/30 12:35:58 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/07/28 20:25:26 | 000,019,456 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/05/06 23:36:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/05/07 19:47:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\Toshiba\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [LELA] C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe (Linksys LLC - A Division of Cisco Systems)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O15 - HKU\S-1-5-21-2017340419-3751063866-4292919500-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp3.dll (Pure Networks, Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img18.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 22:46:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/05/10 22:45:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/05/10 22:28:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/09 23:20:08 | 000,000,000 | ---D | C] -- C:\gmer
[2011/05/09 22:11:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/09 22:11:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/09 22:10:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/05/07 19:52:42 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Local\temp
[2011/05/07 19:07:39 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/05/07 14:56:03 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\EVEREST Reports
[2011/05/07 14:49:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011/05/07 14:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011/05/07 11:14:43 | 000,000,000 | ---D | C] -- C:\Users\Jen\Documents\bluescreenview[1]
[2011/05/05 20:44:53 | 000,024,888 | ---- | C] (Pure Networks, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
[2011/05/05 20:44:35 | 000,026,424 | ---- | C] (Pure Networks, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2011/05/05 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2011/05/05 20:44:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2011/05/05 20:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys
[2011/05/05 09:13:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/05 09:13:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/05 09:13:17 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/05 09:10:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/05 09:09:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/04 22:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/05/04 22:34:48 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/05/04 22:34:45 | 000,307,288 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/05/04 22:34:40 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/05/04 22:34:39 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/05/04 22:34:38 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/05/04 22:34:34 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/05/04 22:33:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/05/04 22:33:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/05/04 22:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/05/04 22:33:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/05/04 20:23:10 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Malwarebytes
[2011/05/04 20:22:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/05/04 20:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 20:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/05/04 20:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2011/05/04 20:12:45 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011/05/04 20:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/05/04 20:11:40 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/05/04 20:08:14 | 000,000,000 | R--D | C] -- C:\Users\Jen\Desktop\CONFUSER
[2011/05/04 19:11:09 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\InstallShield
[2011/05/02 14:40:20 | 000,000,000 | ---D | C] -- C:\Users\Jen\AppData\Roaming\WinBatch
[2011/04/18 22:59:09 | 000,000,000 | ---D | C] -- C:\perflogs

========== Files - Modified Within 30 Days ==========

[2011/05/11 15:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/11 14:53:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 14:53:02 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/11 14:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/10 22:49:53 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/10 16:49:51 | 287,160,949 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/05/09 23:08:32 | 000,001,008 | ---- | M] () -- C:\Users\Jen\Documents\gmer.reg
[2011/05/09 22:57:09 | 000,003,584 | ---- | M] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/09 22:11:00 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 19:47:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/05/07 14:49:27 | 000,000,938 | ---- | M] () -- C:\Users\Jen\Desktop\EVEREST Ultimate Edition.lnk
[2011/05/07 11:33:52 | 000,000,020 | ---- | M] () -- C:\Windows\tpcsd
[2011/05/05 22:13:28 | 000,394,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/05 20:42:51 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2011/05/05 08:51:33 | 000,000,560 | ---- | M] () -- C:\Users\Jen\Desktop\ATF-Cleaner - Shortcut.lnk
[2011/05/04 22:34:49 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/04 22:34:34 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/05/04 19:04:01 | 000,000,351 | ---- | M] () -- C:\Users\Jen\Documents\driver_lan_realtek_26397A - Shortcut.lnk
[2011/05/02 14:47:08 | 000,604,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/02 14:47:08 | 000,104,356 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/02 14:44:41 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/05/01 14:32:35 | 000,000,680 | ---- | M] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/18 13:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/04/18 13:17:46 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/04/18 13:17:34 | 000,307,288 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/04/18 13:16:18 | 000,049,240 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/04/18 13:13:21 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/04/18 13:13:09 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/04/18 13:12:58 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/04/15 17:45:45 | 000,650,331 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm

========== Files Created - No Company Name ==========

[2011/05/09 23:08:32 | 000,001,008 | ---- | C] () -- C:\Users\Jen\Documents\gmer.reg
[2011/05/09 22:11:00 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/07 14:49:27 | 000,000,938 | ---- | C] () -- C:\Users\Jen\Desktop\EVEREST Ultimate Edition.lnk
[2011/05/07 11:33:52 | 000,000,020 | ---- | C] () -- C:\Windows\tpcsd
[2011/05/06 16:43:26 | 287,160,949 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/05/05 20:42:51 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Linksys EasyLink Advisor.lnk
[2011/05/05 09:13:18 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/05 09:13:17 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/05 09:13:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/05 09:13:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/05 09:13:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/05/05 08:51:33 | 000,000,560 | ---- | C] () -- C:\Users\Jen\Desktop\ATF-Cleaner - Shortcut.lnk
[2011/05/04 22:45:41 | 000,000,351 | ---- | C] () -- C:\Users\Jen\Documents\driver_lan_realtek_26397A - Shortcut.lnk
[2011/05/04 22:34:49 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/05/02 14:44:41 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/04/28 18:11:10 | 000,000,680 | ---- | C] () -- C:\Users\Jen\AppData\Local\d3d9caps.dat
[2011/04/01 22:20:32 | 000,003,584 | ---- | C] () -- C:\Users\Jen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/18 19:40:51 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/18 17:48:30 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/18 17:48:29 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/16 21:12:49 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/03/16 21:12:48 | 000,000,003 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/02/20 15:16:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/02/20 15:16:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/02/20 15:16:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/02/20 15:16:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/02/20 15:16:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2008/02/20 15:03:54 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2008/02/20 15:03:54 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\RtkHDAud.dat
[2008/02/18 22:43:23 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/02/18 22:36:45 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2008/02/18 22:33:34 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/02/18 22:33:34 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/02/18 22:33:34 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/02/18 22:33:34 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/02/18 21:31:59 | 000,157,040 | ---- | C] () -- C:\Windows\fdbpinger.exe
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2007/09/13 18:31:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2007/09/13 18:22:46 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/13 18:22:46 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/09/13 18:11:18 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,394,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,604,946 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,356 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/11/23 18:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/03/17 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\AVG10
[2011/05/10 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\SoftGrid Client
[2011/03/31 20:18:57 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\TP
[2011/04/08 21:51:26 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\WildTangent
[2011/05/02 14:40:20 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\WinBatch
[2011/05/10 22:47:59 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< >

< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/18 21:31:45 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/05/10 22:45:59 | 000,012,181 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/05/10 22:49:04 | 1377,505,280 | -HS- | M] () -- C:\pagefile.sys
[2011/05/07 20:43:52 | 000,014,505 | ---- | M] () -- C:\VEW.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/03/22 00:07:04 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.DLL >

< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.JPG >

< %systemroot%\*.JPG >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/04/18 13:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/02/18 21:31:33 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/02/18 21:31:27 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/02/18 21:31:33 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/02/18 21:31:40 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/02/18 21:31:42 | 006,635,520 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/03/23 20:24:07 | 000,000,286 | -HS- | M] () -- C:\Users\Jen\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/03/22 03:31:30 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2011/03/22 03:31:00 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2011/03/22 03:30:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2011/03/22 03:30:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2011/03/22 03:30:59 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbtmp.log
[2011/03/22 03:31:00 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.URL /x >
[2011/03/16 21:13:07 | 000,000,402 | -HS- | M] () -- C:\Users\Jen\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< Dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< Dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\MSN\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-11 07:07:54


< >
< End of report >

#20 Broni Re: [RESOLVED] Laptop shuts down


Posted 11 May 2011 - 10:28 PM

Quote

1,014.00 Mb Total Physical Memory
This computer could definitely use another 1GB of RAM for better performance.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2011/03/17 20:47:50 | 000,000,000 | ---D | M] -- C:\Users\Jen\AppData\Roaming\AVG10
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" =-
    
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
    

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
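
A small triage helper for logs in the format shown in this thread, as an added example that is not part of any post here and is not OTL's own code. It parses the two line shapes visible in the log and lists, for human review, entries carrying `File not found` or `Reg Error` (the markers that appear on most entries in the `:OTL` block above) and files whose company field is empty; the function names and regular expressions are assumptions derived only from the lines visible in this log.

```python
import re
from datetime import datetime

# A few lines copied from the OTL log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HWSetup] File not found
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
NetSvcs: Ias - File not found
[2011/05/09 22:11:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/10 22:46:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/03/16 21:12:49 | 000,000,013 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2011/05/10 22:49:04 | 1377,505,280 | -HS- | M] () -- C:\pagefile.sys
"""

# Markers the log prints when an entry points at a missing file or broken key.
ORPHAN_MARKERS = ("File not found", "Reg Error")

# "O4 - ...", "SRV - ...", "NetSvcs: ...", "Drivers32: ..." (prefixes seen in this thread).
ENTRY_RE = re.compile(r"^(O\d+|SRV|NetSvcs|Drivers32)\b\s*[-:]\s*(.*)$")

# "[date time | size | attrs | C or M] (company) -- path"; the company group is optional.
FILE_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r"(?: \((.*?)\))? -- (.+)$"
)


def parse_entry(line):
    """Parse an autostart/registry line; return None if the line is another kind."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    tag, detail = m.groups()
    return {
        "tag": tag,
        "detail": detail,
        "orphaned": any(marker in detail for marker in ORPHAN_MARKERS),
    }


def parse_file(line):
    """Parse a file/folder listing line; return None if the line is another kind."""
    m = FILE_RE.match(line)
    if not m:
        return None
    stamp, size, attrs, kind, company, path = m.groups()
    return {
        "time": datetime.strptime(stamp, "%Y/%m/%d %H:%M:%S"),
        "size": int(size.replace(",", "")),  # sizes are comma-grouped digits
        "attrs": attrs,
        "is_dir": "D" in attrs,
        "event": {"C": "created", "M": "modified"}[kind],
        "company": company,  # None: no field at all (folders); "": empty "()"
        "path": path,
    }


def triage(log_text):
    """Return (orphaned entries, files with an empty company field) for review."""
    orphans, unattributed = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = parse_entry(line)
        if entry:
            if entry["orphaned"]:
                orphans.append(entry)
            continue
        rec = parse_file(line)
        if rec and not rec["is_dir"] and rec["company"] == "":
            unattributed.append(rec)
    return orphans, unattributed


if __name__ == "__main__":
    orphans, unattributed = triage(SAMPLE_LOG)
    for e in orphans:
        print("orphaned:", e["tag"], "-", e["detail"])
    for r in unattributed:
        print("no company:", r["time"], r["size"], r["attrs"], r["path"])
```

The output is a review list only: an empty company field or a `File not found` marker also appears on ordinary system files and leftover entries in this same log, so each hit still needs an analyst's judgement before anything goes into a fix.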





