[RESOLVED] Need help cleaning up laptop
#1
Posted 17 August 2011 - 12:46 PM
I have a laptop that belongs to a local non-profit organization. It was slow, crashed often and no updates had been applied since 2008. I posted in the Vista forum on Bleeping Computer and the recommended solution was to wipe it out and reinstall the operating system. Unfortunately, that turned out not to be an option since I have no recovery media and this model of laptop does not have the recovery partition like some Toshiba models do.
I've cleaned it up the best that I can by deleting programs that I don't need. Yesterday I ordered a recovery CD from the manufacturer and additional memory for it. I installed all of the Windows updates so it is current, updated Java and Adobe Reader, installed avast and MBAM.
The performance has improved some but I still have the occasional BSOD.
Toshiba, Model Satellite A200, Windows Vista Ultimate, 32-bit, 1014 MB RAM, Dual CPU 1.75 GHz
Now I need your help to see if there is anything else going on with this laptop.
Thanks,
Jo Ann
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database
version: 7477
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421
8/16/2011 7:30:20 AM
mbam-log-2011-08-16 (07-30-20).txt
Scan type: Quick scan
Objects scanned: 201080
Time elapsed: 9 minute(s), 25 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Other logs to follow
#2 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 12:52 PM
Run date: 2011-08-17 06:20:30
-----------------------------
06:20:30.318 OS Version: Windows 6.0.6002 Service Pack 2
06:20:30.318 Number of processors: 2 586 0xF0D
06:20:30.318 ComputerName: HM-LISALAPTOP UserName: admin
06:20:41.144 Initialize success
06:20:43.188 AVAST engine defs: 11081700
06:21:09.271 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
06:21:09.271 Disk 0 Vendor: TOSHIBA_MK8046GSX LB313M Size: 76319MB BusType: 3
06:21:11.564 Disk 0 MBR read successfully
06:21:11.580 Disk 0 MBR scan
06:21:11.611 Disk 0 Windows VISTA default MBR code
06:21:11.689 Disk 0 scanning sectors +156301312
06:21:12.110 Disk 0 scanning C:\Windows\system32\drivers
06:21:45.260 Service scanning
06:21:50.034 Modules scanning
06:22:09.736 Disk 0 trace - called modules:
06:22:09.768 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
06:22:09.783 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85d1aac8]
06:22:09.783 3 CLASSPNP.SYS[839378b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x8539b8a0]
06:22:10.267 AVAST engine scan C:\Windows
06:22:13.324 AVAST engine scan C:\Windows\system32
06:24:32.710 AVAST engine scan C:\Windows\system32\drivers
06:24:46.251 AVAST engine scan C:\Users\admin
06:27:28.912 AVAST engine scan C:\ProgramData
06:28:18.442 Scan finished successfully
06:28:48.810 Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
06:28:48.826 The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
#3 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 12:54 PM
DDS (Ver_2011-06-23.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by admin at 6:56:07 on 2011-08-17
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1014.653 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\TOSCDSPD.exe
uRun: [EPSON Stylus C120 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticca.exe /fu "c:\users\admin\appdata\local\temp\E_S47B5.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe"
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Skytel] Skytel.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A1E05387-3737-4F53-9315-C9F73844CA00} : DhcpNameServer = 192.168.0.1
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
LSA: Notification Packages = scecli psqlpwd
.
============= SERVICES / DRIVERS ===============
.
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2007-6-11 7168]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-8-15 441176]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-8-15 309848]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-8-15 19544]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-8-15 54104]
S2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-8-15 42184]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2011-8-14 21504]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-16 366640]
S3 ManageEngine Desktop Central 6 - Desktop Sharing;ManageEngine Desktop Central 6 - Desktop Sharing;c:\program files\desktopcentral_agent\bin\RemoteDesktop.exe [2007-12-27 307200]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-16 22712]
S4 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-5-4 135664]
.
=============== Created Last 30 ================
.
2011-08-16 22:01:12 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f1cb3736-525f-4adc-97a2-4d8be395f539}\mpengine.dll
2011-08-16 22:00:02 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-16 12:19:35 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 12:19:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 11:48:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 11:43:34 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 09:27:10 -------- d-----w- c:\users\admin\appdata\local\Seven Zip
2011-08-16 08:38:35 -------- d-----w- c:\program files\Windows Portable Devices
2011-08-16 01:26:57 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-08-16 01:26:56 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-16 01:26:56 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-16 01:23:50 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-16 01:23:49 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-16 01:23:49 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-08-16 01:20:43 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-16 01:19:51 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-16 01:19:51 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-16 01:19:51 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-16 01:19:50 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-16 01:19:50 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-16 01:19:50 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-16 01:19:50 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-16 00:14:54 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-16 00:07:52 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-08-16 00:07:52 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-16 00:07:52 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-08-16 00:07:52 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-08-16 00:07:51 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-08-16 00:07:51 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-08-16 00:07:51 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-08-16 00:07:51 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-08-16 00:07:51 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-08-16 00:07:50 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-08-16 00:07:50 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-16 00:07:50 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-08-16 00:02:35 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-16 00:01:00 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-16 00:00:57 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-16 00:00:56 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-15 18:36:03 -------- d-----w- c:\windows\system32\eu-ES
2011-08-15 18:36:03 -------- d-----w- c:\windows\system32\ca-ES
2011-08-15 18:36:02 -------- d-----w- c:\windows\system32\vi-VN
2011-08-15 17:57:08 -------- d-----w- c:\windows\system32\EventProviders
2011-08-15 17:55:26 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-15 17:55:25 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-15 16:44:28 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-08-15 16:30:00 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-08-15 16:28:42 265720 ----a-w- c:\program files\internet explorer\msdbg2.dll
2011-08-15 16:28:41 355832 ----a-w- c:\program files\internet explorer\pdm.dll
2011-08-15 14:10:59 37376 ----a-w- c:\windows\system32\EhStorPwdMgr.dll
2011-08-15 14:09:59 89088 ----a-w- c:\windows\system32\pintlgnt.ime
2011-08-15 14:08:45 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-08-15 14:08:45 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-08-15 14:08:45 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-15 14:08:45 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-08-15 14:08:45 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-08-15 14:08:45 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-08-15 14:08:45 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-08-15 14:08:41 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-08-15 14:08:33 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-08-15 14:08:33 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-08-15 14:08:17 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-08-15 13:59:40 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-15 13:59:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-15 13:59:39 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-15 13:59:39 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-15 13:59:39 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-15 13:49:11 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-08-15 13:35:22 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-15 13:35:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-08-15 13:35:15 17920 ----a-w- c:\windows\system32\netevent.dll
2011-08-15 13:34:50 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2011-08-15 13:34:48 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-08-15 13:34:21 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-08-15 13:33:36 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-08-15 13:33:34 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-15 13:33:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-15 13:33:02 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-15 13:33:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-08-15 13:33:01 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-08-15 13:31:53 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-08-15 13:30:46 81920 ----a-w- c:\windows\system32\consent.exe
2011-08-15 13:30:39 515584 ----a-w- c:\program files\windows mail\wab.exe
2011-08-15 13:30:38 66048 ----a-w- c:\program files\windows mail\wabmig.exe
2011-08-15 13:30:37 33280 ----a-w- c:\program files\windows mail\wabfind.dll
2011-08-15 13:30:35 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-08-15 13:30:30 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-08-15 13:29:09 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-08-15 13:29:06 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-08-15 13:29:02 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-15 13:28:21 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-08-15 13:14:30 840704 ----a-w- c:\windows\system32\WFS.exe
2011-08-15 13:14:30 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-08-15 13:11:35 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-15 11:20:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-15 11:20:01 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-15 11:18:42 40112 ----a-w- c:\windows\avastSS.scr
2011-08-15 11:18:13 -------- d-----w- c:\programdata\AVAST Software
2011-08-15 11:18:13 -------- d-----w- c:\program files\AVAST Software
2011-08-15 11:03:45 -------- d-----w- c:\users\admin\appdata\local\ApplicationHistory
2011-08-15 10:31:45 -------- d-----w- C:\PerfLogs
2011-08-14 20:49:45 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-14 20:49:38 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-14 20:49:38 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-14 20:29:21 2730536 ----a-w- c:\programdata\microsoft\windows defender\definition updates\default\MpEngine.dll
2011-08-14 20:29:11 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-08-14 20:29:07 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2011-08-14 20:29:00 1008184 ----a-w- c:\program files\windows defender\MSASCui.exe
2011-08-14 20:27:59 450560 ----a-w- c:\program files\common files\system\ole db\msdasql.dll
2011-08-14 20:26:59 487936 ----a-w- c:\windows\system32\catsrvut.dll
2011-08-14 20:25:59 22528 ----a-w- c:\windows\system32\blb_ps.dll
2011-08-14 20:24:59 51712 ----a-w- c:\windows\system32\takeown.exe
2011-08-14 20:23:59 97280 ----a-w- c:\windows\system32\OptionalFeatures.exe
2011-08-14 20:22:59 5504 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-08-14 20:22:59 2560 ----a-w- c:\windows\system32\bootstr.dll
2011-08-14 20:22:59 2048 ----a-w- c:\windows\system32\dmdskres2.dll
2011-08-14 20:22:57 7680 ----a-w- c:\windows\system32\spwizres.dll
2011-08-14 20:22:55 2048 ----a-w- c:\windows\system32\wertargets.wtl
2011-08-14 20:22:48 12198 ----a-w- c:\windows\system32\gatherWiredInfo.vbs
2011-08-14 20:21:12 102400 ----a-w- c:\windows\system32\wbem\mofinstall.dll
2011-08-14 20:21:11 357888 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-14 20:21:08 139264 ----a-w- c:\windows\system32\SmiInstaller.dll
2011-08-14 20:20:51 35328 ----a-w- c:\windows\system32\mspatcha.dll
2011-08-14 20:20:51 305152 ----a-w- c:\windows\system32\msdelta.dll
2011-08-14 20:20:51 258560 ----a-w- c:\windows\system32\dpx.dll
2011-08-14 20:14:48 243712 ----a-w- c:\windows\system32\rastls.dll
2011-08-14 20:14:43 37888 ----a-w- c:\windows\system32\printcom.dll
2011-08-14 20:14:18 499712 ----a-w- c:\windows\system32\kerberos.dll
2011-08-14 20:14:18 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-08-14 20:14:16 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-08-14 20:14:15 175104 ----a-w- c:\windows\system32\wdigest.dll
2011-08-14 20:14:13 72704 ----a-w- c:\windows\system32\secur32.dll
2011-08-14 20:14:12 9728 ----a-w- c:\windows\system32\lsass.exe
2011-08-14 20:13:57 62464 ----a-w- c:\windows\system32\l3codeca.acm
2011-08-14 20:13:57 220672 ----a-w- c:\windows\system32\l3codecp.acm
2011-08-14 20:13:38 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2011-08-14 20:13:38 24576 ----a-w- c:\windows\system32\mfpmp.exe
2011-08-14 20:13:35 2048 ----a-w- c:\windows\system32\mferror.dll
2011-08-14 20:13:12 355328 ----a-w- c:\windows\system32\WSDApi.dll
2011-08-14 20:13:02 60928 ----a-w- c:\windows\system32\msasn1.dll
2011-08-14 20:11:38 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-08-14 20:07:22 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2011-08-14 19:42:58 105984 ----a-w- c:\windows\system32\netiohlp.dll
2011-08-14 19:42:54 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-08-14 19:42:54 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-08-14 19:42:53 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-08-14 19:42:53 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-08-14 19:42:52 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-08-14 19:42:52 10240 ----a-w- c:\windows\system32\finger.exe
2011-08-14 19:42:51 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-08-14 19:41:06 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2011-08-14 19:41:06 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2011-08-14 19:40:39 23552 ----a-w- c:\windows\system32\lpk.dll
2011-08-14 19:40:39 10240 ----a-w- c:\windows\system32\dciman32.dll
2011-08-14 19:40:28 714240 ----a-w- c:\windows\system32\timedate.cpl
2011-08-14 19:39:43 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2011-08-14 19:39:42 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-14 19:39:42 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2011-08-14 19:39:38 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2011-08-14 19:39:00 4875776 ----a-w- c:\windows\system32\NlsData0009.dll
2011-08-14 19:39:00 2643456 ----a-w- c:\windows\system32\NlsData000c.dll
2011-08-14 19:33:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-14 19:31:35 218624 ----a-w- c:\windows\system32\msv1_0.dll
2011-08-14 19:31:23 1401856 ----a-w- c:\windows\system32\msxml6.dll
2011-08-14 19:31:15 65024 ----a-w- c:\windows\system32\wlanapi.dll
2011-08-14 19:31:15 513536 ----a-w- c:\windows\system32\wlansvc.dll
2011-08-14 19:31:15 302592 ----a-w- c:\windows\system32\wlansec.dll
2011-08-14 19:31:14 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2011-08-14 19:31:14 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2011-08-14 19:31:14 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2011-08-14 19:31:09 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2011-08-14 19:30:51 61440 ----a-w- c:\windows\system32\winipsec.dll
2011-08-14 19:30:51 272896 ----a-w- c:\windows\system32\polstore.dll
2011-08-14 19:28:55 71680 ----a-w- c:\windows\system32\atl.dll
2011-08-14 19:28:34 160256 ----a-w- c:\windows\system32\wkssvc.dll
2011-08-14 19:28:22 53248 ----a-w- c:\windows\system32\tsgqec.dll
2011-08-14 19:28:22 136192 ----a-w- c:\windows\system32\aaclient.dll
2011-08-14 19:27:49 623616 ----a-w- c:\windows\system32\localspl.dll
2011-08-14 18:45:57 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2011-08-14 18:45:56 310784 ----a-w- c:\windows\system32\unregmp2.exe
2011-08-14 18:43:50 91136 ----a-w- c:\windows\system32\avifil32.dll
2011-08-14 18:43:50 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-08-14 18:43:49 31744 ----a-w- c:\windows\system32\msvidc32.dll
2011-08-14 18:43:49 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2011-08-14 18:43:47 22528 ----a-w- c:\windows\system32\msyuv.dll
2011-08-14 18:43:47 13312 ----a-w- c:\windows\system32\msrle32.dll
2011-08-14 18:43:46 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2011-08-14 18:43:46 123904 ----a-w- c:\windows\system32\msvfw32.dll
2011-08-14 18:43:44 82944 ----a-w- c:\windows\system32\mciavi32.dll
2011-08-14 18:43:32 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2011-08-14 18:42:12 172032 ----a-w- c:\windows\system32\wintrust.dll
2011-08-14 18:38:21 98304 ----a-w- c:\windows\system32\cabview.dll
2011-08-10 11:25:30 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2011-08-10 11:25:12 -------- d-----w- c:\programdata\Malwarebytes
2011-08-10 11:25:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-08-16 01:20:43 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2011-08-16 01:19:51 4096 ----a-w- c:\windows\system32\drivers\en-us\dxgkrnl.sys.mui
2011-08-15 09:51:40 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 09:51:12 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 6:58:09.64 ===============
MSXML 4.0 SP2 Parser and SDK
Network
oggcodecs 0.71.0946
PaperPort Image Printer
Protector Suite QL 5.6
QuickBooks Pro 2008
QuickBooks Simple Start 2008 (Plus Pack)
Realtek High Definition Audio Driver
Scan
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Music
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebReg
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:55:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2011 6:55:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/17/2011 6:55:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2011 6:55:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2011 6:47:29 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 1753 (0x6D9).
8/17/2011 6:45:18 AM, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: There are no more endpoints available from the endpoint mapper.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/17/2011 6:34:57 AM, Error: EventLog [6008] - The previous system shutdown at 6:33:13 AM on 8/17/2011 was unexpected.
8/17/2011 4:57:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/17/2011 4:56:07 AM, Error: EventLog [6008] - The previous system shutdown at 4:54:03 AM on 8/17/2011 was unexpected.
8/16/2011 6:29:09 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2011 6:29:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/16/2011 6:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2011 5:24:21 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================
#4 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 12:55 PM
Rootkit scan 2011-08-17 06:12:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK8046GSX rev.LB313M
Running: 5oukwfdt.exe; Driver: C:\Users\admin\AppData\Local\Temp\fxdiqkod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8CF40202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8CF427F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8CF42848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8CF4295E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8CF42746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8CF42898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8CF4279A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8CF4290C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8CF40226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8CF3FFF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8CF4024A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8CF42D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8CF40CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8CF42820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8CF42870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8CF42988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8CF42772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8CF428D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8CF427C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8CF42936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8CF40BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8CF4026E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8CF40292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8CF4004A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8CF40186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8CF40162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8CF401AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8CF402B6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D2F6398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 10D 828FD890 4 Bytes [02, 02, F4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1D1 828FD954 8 Bytes [F0, 27, F4, 8C, 48, 28, F4, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 828FD960 4 Bytes [5E, 29, F4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 1F5 828FD978 4 Bytes [46, 27, F4, 8C]
.text ntkrnlpa.exe!KeSetEvent + 215 828FD998 8 Bytes [98, 28, F4, 8C, 9A, 27, F4, ...]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A2862F 5 Bytes JMP 8D2F1D4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82A81543 5 Bytes JMP 8D2F37F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A8AE68 4 Bytes CALL 8CF4134B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A8EADC 4 Bytes CALL 8CF41361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82AE2DCA 7 Bytes JMP 8D2F639C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x83B5E000, 0x4036D, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x83BA7000, 0x510, 0x40000040]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1204] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC
.text C:\Windows\System32\spoolsv.exe[1272] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[1272] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[1272] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[1272] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[1272] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 000E0600
.text C:\Windows\System32\spoolsv.exe[1272] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 000E0804
.text C:\Windows\System32\spoolsv.exe[1272] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 000E0A08
.text C:\Windows\System32\spoolsv.exe[1272] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000E01F8
.text C:\Windows\System32\spoolsv.exe[1272] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000E03FC
.text C:\Windows\system32\AUDIODG.EXE[1292] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1348] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1348] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\svchost.exe[1348] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 01070600
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 01070804
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 01070A08
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 010701F8
.text C:\Windows\system32\svchost.exe[1348] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 010703FC
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 765BA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1448] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[1456] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\svchost.exe[1456] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\taskeng.exe[1480] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[1480] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[1480] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[1480] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[1480] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[1480] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[1480] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[1480] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[1480] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Protector Suite QL\upeksvr.exe[1536] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Windows\system32\WLANExt.exe[1564] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WLANExt.exe[1564] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WLANExt.exe[1564] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WLANExt.exe[1564] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WLANExt.exe[1564] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600
.text C:\Windows\system32\WLANExt.exe[1564] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WLANExt.exe[1564] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WLANExt.exe[1564] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WLANExt.exe[1564] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1648] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00200600
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00200804
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00200A08
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 002001F8
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 002003FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 002103FC
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00210600
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00211014
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00210804
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00210A08
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00210C0C
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00210E10
.text C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe[1856] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 002101F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 002C0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 002C0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!UnhookWindowsHookEx 772B98DB 3 Bytes JMP 002C0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!UnhookWindowsHookEx + 4 772B98DF 1 Byte [89]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 002C01F8
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!UnhookWinEvent 772BC06F 3 Bytes JMP 002C03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] USER32.dll!UnhookWinEvent + 4 772BC073 1 Byte [89]
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 002D03FC
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 002D0600
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 002D1014
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 002D0804
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 002D0A08
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 002D0C0C
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 002D0E10
.text C:\Program Files\Toshiba\ConfigFree\NDSTray.exe[2064] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[2080] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[2080] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[2080] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2080] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2080] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00130600
.text C:\Windows\system32\svchost.exe[2080] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00130804
.text C:\Windows\system32\svchost.exe[2080] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00130A08
.text C:\Windows\system32\svchost.exe[2080] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001301F8
.text C:\Windows\system32\svchost.exe[2080] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001303FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Defender\MSASCui.exe[2244] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC
.text C:\Windows\ehome\ehtray.exe[2320] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[2320] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[2320] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[2320] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[2320] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[2320] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[2320] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[2320] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[2320] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2480] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynToshiba.exe[2484] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00081014
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00080C0C
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00080E10
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2500] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[2516] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[2516] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[2516] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[2516] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[2516] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[2516] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[2516] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 000B0A08
.text C:\Windows\system32\agrsmsvc.exe[2516] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[2516] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000B03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2560] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2560] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2560] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2560] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 001D0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[2560] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 001D0804
#5 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 12:56 PM
.text C:\Windows\system32\igfxsrvc.exe[3360] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Windows\system32\igfxsrvc.exe[3360] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\igfxsrvc.exe[3360] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\igfxsrvc.exe[3360] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\igfxsrvc.exe[3360] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 008B0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 008B0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 008B0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 008B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[3384] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 008B03FC
.text C:\Windows\system32\SearchIndexer.exe[3416] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3416] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3416] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3416] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3416] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3416] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3416] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3416] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3416] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[3484] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[3484] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[3484] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00081014
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00080C0C
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00080E10
.text C:\Windows\system32\WUDFHost.exe[3484] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[3484] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00090600
.text C:\Windows\system32\WUDFHost.exe[3484] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00090804
.text C:\Windows\system32\WUDFHost.exe[3484] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00090A08
.text C:\Windows\system32\WUDFHost.exe[3484] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000901F8
.text C:\Windows\system32\WUDFHost.exe[3484] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000903FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000601F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000603FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00220600
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00220804
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00220A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 002201F8
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 002203FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 002103FC
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00210600
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00211014
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00210804
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00210A08
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00210C0C
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00210E10
.text C:\Windows\system32\Macromed\Flash\FlashUtil10v_ActiveX.exe[3724] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 002101F8
.text C:\Windows\System32\igfxtray.exe[3824] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxtray.exe[3824] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxtray.exe[3824] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3824] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxtray.exe[3824] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxtray.exe[3824] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxtray.exe[3824] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\igfxtray.exe[3824] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\igfxtray.exe[3824] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\hkcmd.exe[3836] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\hkcmd.exe[3836] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\hkcmd.exe[3836] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3836] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00180600
.text C:\Windows\System32\hkcmd.exe[3836] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00180804
.text C:\Windows\System32\hkcmd.exe[3836] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00180A08
.text C:\Windows\System32\hkcmd.exe[3836] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001801F8
.text C:\Windows\System32\hkcmd.exe[3836] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001803FC
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001903FC
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00190600
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00191014
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00190804
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00190A08
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00190C0C
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00190E10
.text C:\Windows\System32\hkcmd.exe[3836] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[3844] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Windows\System32\igfxpers.exe[3844] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Windows\System32\igfxpers.exe[3844] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3844] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Windows\System32\igfxpers.exe[3844] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Windows\System32\igfxpers.exe[3844] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Windows\System32\igfxpers.exe[3844] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Windows\System32\igfxpers.exe[3844] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Windows\System32\igfxpers.exe[3844] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe[3896] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe[3900] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00060600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00061014
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00060804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00060A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00060C0C
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00060E10
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[4000] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 000703FC
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001601F8
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001603FC
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001703FC
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00180600
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00181014
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00180804
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00180A08
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00180C0C
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00180E10
.text C:\Program Files\Protector Suite QL\psqltray.exe[4092] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001801F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001401F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001403FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00160600
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00160804
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00160A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 001603FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00170600
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00171014
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00170804
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00170A08
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00170C0C
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00170E10
.text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[4468] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[4744] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4744] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4744] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4744] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[4808] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[4808] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[4808] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!CreateServiceW 76E49EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!DeleteService 76E4A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!SetServiceObjectSecurity 76E86CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!ChangeServiceConfigA 76E86DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!ChangeServiceConfigW 76E86F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!ChangeServiceConfig2A 76E87099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!ChangeServiceConfig2W 76E871E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[4808] ADVAPI32.dll!CreateServiceA 76E872A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[4808] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 003C0600
.text C:\Windows\system32\svchost.exe[4808] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 003C0804
.text C:\Windows\system32\svchost.exe[4808] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 003C0A08
.text C:\Windows\system32\svchost.exe[4808] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 003C01F8
.text C:\Windows\system32\svchost.exe[4808] USER32.dll!UnhookWinEvent 772BC06F 5 Bytes JMP 003C03FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] ntdll.dll!LdrLoadDll 771A93A8 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] ntdll.dll!LdrUnloadDll 771BB740 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] kernel32.dll!GetBinaryTypeW + 70 765E2467 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] USER32.dll!SetWindowsHookExA 772B6322 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] USER32.dll!SetWindowsHookExW 772B87AD 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] USER32.dll!UnhookWindowsHookEx 772B98DB 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5168] USER32.dll!SetWinEventHook 772B9F3A 5 Bytes JMP 001701F8
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [68D3029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [68D25F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [68D39229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [68D2F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [68D3F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [68D4072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [68D3F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [68D3F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [68D30ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [68D26D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [68D3D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [68D3D557] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [68D26692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [68D42FB4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [68D4327D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [68D43B2F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [68D2EEBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [68D319CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [68D260B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [68D30859] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [68D43983] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [68D433C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [68D31555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [68D27278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [68D30E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [68D43E89] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [68D2F30B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [68D43FED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [68D43D27] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [68D2FCC5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [68D3A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [68D407CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [68D3E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [68D3A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [68D3B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [68D3B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [68D3C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [68D3F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [68D3BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [68D39F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [68D25EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [68D37F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [68D3E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [68D3FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [68D3F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [68D39AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [68D30ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [68D3029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [68D3A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [68D3ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [68D3EE67] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [68D26291] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [68D3C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [68D3939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [68D25F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [68D3E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [68D39C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [68D24E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [68D263E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [68D3968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [68D26D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [68D3997F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [68D3CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [68D3D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [68D3D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [68D40DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [68D2F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [68D2F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [68D40D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [68D41F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [68D41095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [68D2FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [68D412D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [68D2FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [68D41542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [68D41590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [68D41C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [68D41191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [68D41BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [68D419EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [68D2E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [68D41B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [68D4136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [68D4162F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [68D41284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [68D4194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [68D40F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [68D42769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [68D42937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [68D27430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [68D30178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [68D2FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [68D24984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [68D4140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [68D417B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [68D4171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [68D41CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [68D418A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [68D2FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [68D25D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [68D24927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [68D40F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [68D42028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [68D42B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [68D420D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [68D4218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [68D30123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [68D41F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [68D38C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [68D3F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [68D3FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [68D25EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [68D3029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [68D37F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [68D3C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [68D39C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [68D3968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [68D263E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [68D24E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [68D25F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [68D26D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [68D2F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [68D41F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [68D42028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [68D42B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [68D42B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [68D30178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [68D264C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [68D24CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [68D24927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [68D24984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [68D26528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[5992] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [68D247BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
#6 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 12:57 PM
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2008 11:47:56 AM
System Uptime: 8/17/2011 6:54:18 AM (0 hours ago)
.
Motherboard: Intel Corporation | | SANTA ROSA CRB
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz | U2E1 | 1729/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 73 GiB total, 37.963 GiB free.
D: is CDROM ()
E: is Removable
F: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet CP2025dn
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet CP2025dn
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: HP Color LaserJet 2605dn
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 2605dn
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet Pro 8500 A909g
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Officejet Pro 8500 A909g
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
8500A909_BasicWeb
8500A909_Help_BasicWeb
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player
avast! Free Antivirus
Bluetooth Stack for Windows by Toshiba
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite
BufferChm
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
DVD MovieFactory for TOSHIBA
EPSON Printer Software
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet Pro 8500 A909 Series
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Java Auto Updater
Java 6 Update 26
Java SE Runtime Environment 6
Malwarebytes' Anti-Malware version 1.51.1.1800
ManageEngine Desktop Central 6 - Agent
Marvell Miniport Driver
mCore
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft XML Parser
mMHouse
mPfMgr
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Network
oggcodecs 0.71.0946
PaperPort Image Printer
Protector Suite QL 5.6
QuickBooks Pro 2008
QuickBooks Simple Start 2008 (Plus Pack)
Realtek High Definition Audio Driver
Scan
ScanSoft PaperPort 11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
SupportSoft Assisted Service
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Music
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
WebReg
Windows Live ID Sign-in Assistant
Windows Media Encoder 9 Series
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/17/2011 6:56:19 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/17/2011 6:55:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/17/2011 6:55:55 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/17/2011 6:55:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
8/17/2011 6:55:19 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/17/2011 6:55:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/17/2011 6:47:29 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 1753 (0x6D9).
8/17/2011 6:45:18 AM, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: There are no more endpoints available from the endpoint mapper.
8/17/2011 6:45:18 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/17/2011 6:34:57 AM, Error: EventLog [6008] - The previous system shutdown at 6:33:13 AM on 8/17/2011 was unexpected.
8/17/2011 4:57:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Adobe Acrobat Update Service service to connect.
8/17/2011 4:56:07 AM, Error: EventLog [6008] - The previous system shutdown at 4:54:03 AM on 8/17/2011 was unexpected.
8/16/2011 6:29:09 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/16/2011 6:29:08 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/16/2011 6:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2011 5:24:21 AM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer Send To OneNote 2007 with shared resource name Send To OneNote 2007. Error 2114. The printer cannot be used by others on the network.
.
==== End Of File ===========================
#7 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 11:30 PM
- Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
- If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
- Please refrain from running tools or applying updates other than those I suggest.
- Never run more than one scan at a time.
- Keep updating me regarding your computer's behavior, good or bad.
- The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
- If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
- I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
========================================================================
Any particular reason why you ran DDS from Safe Mode?
Download BlueScreenView (in Zip file)
No installation required.
Unzip downloaded file and double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit>Select All.
Go File>Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.
=========================================================================
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
- Double-click on RKUnhookerLE.exe to start the program.
Vista/Windows 7 users right-click and select Run As Administrator.
- Click the Report tab, then click Scan.
- Check Drivers, Stealth, and uncheck the rest.
- Click OK.
- Wait until it's finished and then go to File > Save Report.
- Save the report to your Desktop.
- Copy and paste the contents of the report into your next reply.
=========================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore your connection.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: http://www.appremover.com/
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
Make sure you re-enable your security programs when you're done with Combofix.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTE.
If, for some reason, Combofix refuses to run, try one of the following:
1. Run Combofix from Safe Mode.
2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
Rkill.com
Rkill.scr
Rkill.exe
- Double-click on the Rkill desktop icon to run the tool.
- If using Vista or Windows 7 right-click on it and choose Run As Administrator.
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- Do not reboot until instructed.
- If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.
If normal mode still doesn't work, run BOTH tools from safe mode.
In case #2, please post BOTH logs, rKill and Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
#8 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 11:42 PM
==================================================
Dump File : Mini081711-02.dmp
Crash Time : 8/17/2011 6:34:52 AM
Bug Check String : KERNEL_DATA_INPAGE_ERROR
Bug Check Code : 0x0000007a
Parameter 1 : 0xc056bdd8
Parameter 2 : 0xc0000185
Parameter 3 : 0x03d7f8c0
Parameter 4 : 0xad7bb340
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+7cc38
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+7cc38
Stack Address 1 : ntkrnlpa.exe+77f8a
Stack Address 2 : ntkrnlpa.exe+99331
Stack Address 3 : ntkrnlpa.exe+4ddd4
Computer Name :
Full Path : C:\Windows\Minidump\Mini081711-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 144,648
==================================================
==================================================
Dump File : Mini081711-01.dmp
Crash Time : 8/17/2011 4:56:12 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : 0xcda00008
Parameter 2 : 0x00000000
Parameter 3 : 0x84cf43cb
Parameter 4 : 0x00000000
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+98379
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+98379
Stack Address 1 : ntkrnlpa.exe+4ddd4
Stack Address 2 : fxdiqkod.sys+43cb
Stack Address 3 : fxdiqkod.sys+2096
Computer Name :
Full Path : C:\Windows\Minidump\Mini081711-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 138,472
==================================================
==================================================
Dump File : Mini081511-01.dmp
Crash Time : 8/15/2011 6:51:23 PM
Bug Check String : IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x0000000a
Parameter 1 : 0x6f636e65
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x820ec6a4
Caused By Driver : ntkrnlpa.exe
Caused By Address : ntkrnlpa.exe+4dfd9
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.0.6002.18484 (vistasp2_gdr.110617-0336)
Processor : 32-bit
Crash Address : ntkrnlpa.exe+4dfd9
Stack Address 1 : ntkrnlpa.exe+b36a4
Stack Address 2 : ntkrnlpa.exe+373dc
Stack Address 3 : ntkrnlpa.exe+384cb
Computer Name :
Full Path : C:\Windows\Minidump\Mini081511-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 138,472
==================================================
#9 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 11:47 PM
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8AE08000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6299648 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82802000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8B606000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x984A0000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CA0A000 C:\Windows\system32\drivers\RTKVHDA.sys 1765376 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x8CE0C000 C:\Windows\system32\DRIVERS\AGRSM.sys 1163264 bytes (Agere Systems, SoftModem Device Driver)
0x83A06000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82E7D000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8380C000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D5000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xB2407000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xA9AC8000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8B40A000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8B50E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8AA08000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8060A000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82E0C000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8CF35000 C:\Windows\System32\Drivers\aswSnx.SYS 458752 bytes (AVAST Software, avast! Virtualization Driver)
0x8040B000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA9B8E000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8D300000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0xB06ED000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8B853000 C:\Windows\system32\drivers\tifm21.sys 311296 bytes (Texas Instruments, tifm21.sys)
0x83B54000 C:\Windows\system32\DRIVERS\tos_sps32.sys 307200 bytes (TOSHIBA Corporation, tos_sps2)
0x8D372000 C:\Windows\System32\Drivers\aswSP.SYS 303104 bytes (AVAST Software, avast! self protection module)
0x8073C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D204000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80693000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80494000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8B96A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8B4C1000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8D2BA000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82FB3000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xB0674000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x83B16000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8B59B000 C:\Windows\system32\DRIVERS\yk60x86.sys 233472 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0xA9A06000 C:\Windows\system32\drivers\aswMonFlt.sys 229376 bytes (AVAST Software, avast! File System Minifilter for Windows 2003/Vista)
0x8AAE4000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82BBC000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x805B5000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D251000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8B93B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8B8D7000 C:\Windows\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8079B000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8CBB9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82F88000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8AAA3000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA9A81000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xA9A49000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xB06C5000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x83BB6000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806EA000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8AB2A000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x83911000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8B9D8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x83935000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB0634000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xB2563000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x8CFC8000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xB0655000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x807E0000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x83956000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x838F6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x839CF000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8B89F000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB0606000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8B917000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xB06AD000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D35B000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8B9B6000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8CBE6000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA9B78000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D283000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8AB5D000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xB061F000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x839AB000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8D3C4000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB24FB000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B5E3000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8AB85000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8B8B9000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA9AB5000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D2A7000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xB2510000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x83BDD000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8ABBA000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8AB19000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8047B000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x805E7000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8ABD4000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA9A71000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807C8000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8B835000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8AA91000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8399C000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x839C0000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x83BA7000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x80711000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B5D4000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8B4FF000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8072D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8B845000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x986E0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D299000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8AB4F000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8078D000 C:\Windows\system32\drivers\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8D3D9000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8CF28000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8AAD7000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80686000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xB24EF000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8CFBC000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8B4AA000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D3E6000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x8B8CC000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8B908000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8CE00000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8B9CD000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8B9AB000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83989000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8B4B6000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80723000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8D3F1000 C:\Windows\System32\Drivers\dump_msahci.sys 40960 bytes
0x8ABEC000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x80600000 C:\Windows\system32\drivers\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8AACD000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9AAB000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D2F6000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xB24E5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8AB73000 C:\Windows\System32\Drivers\aswTdi.SYS 36864 bytes (AVAST Software, avast! TDI Filter Driver)
0xB258C000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x83BEE000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8CFA5000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8ABCB000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x8CA00000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x986C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x83BF7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xB255A000 C:\Windows\System32\Drivers\UVCFTR_S.SYS 36864 bytes (Chicony Electronics Co., Ltd., UVCFTR_S.sys)
0x806D9000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x807D8000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048C000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x83994000 C:\Windows\system32\DRIVERS\FwLnk.sys 32768 bytes (TOSHIBA Corporation, TOSHIBA Firmware Linkage 32-bit Driver)
0x8ABE4000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x806E2000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8CFE9000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8CFF1000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0xB2584000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x83B9F000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8D3BC000 C:\Windows\System32\Drivers\tcusb.sys 32768 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x8CFB5000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8CFF9000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80786000 C:\Windows\system32\drivers\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80404000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8CFAE000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8D24C000 C:\Windows\System32\Drivers\aswRdr.SYS 20480 bytes (AVAST Software, avast! TDI RDR Driver)
0x83B4F000 C:\Windows\system32\DRIVERS\TVALZ_O.SYS 20480 bytes (TOSHIBA Corporation, TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver)
0x8B92F000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB2524000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8B913000 C:\Windows\system32\DRIVERS\tdcmdpst.sys 16384 bytes (TOSHIBA Corporation., Toshiba ODD Writing Driver For x86.)
0xA9A3E000 C:\Windows\System32\Drivers\aswFsBlk.SYS 12288 bytes (AVAST Software, avast! File System Access Blocking Driver)
0x80720000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8AAA1000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8B906000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
#10 Re: [RESOLVED] Need help cleaning up laptop
Posted 17 August 2011 - 11:58 PM
#11 Re: [RESOLVED] Need help cleaning up laptop
#12 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 01:16 AM
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Rkill was run on 08/17/2011 at 19:41:56.
Operating System: Windows Vista Ultimate
Processes terminated by Rkill or while it was running:
Rkill completed on 08/17/2011 at 19:41:59.
ComboFix 11-08-17.03 - admin 08/17/2011 19:44:26.1.2 - x86 MINIMAL
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.1014.577 [GMT -5:00]
Running from: c:\users\admin\Desktop\jalpert.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\Roaming
c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini
c:\windows\system32\GroupPolicy\User\Scripts\scripts.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 00:50 . 2011-08-18 00:50 -------- d-----w- c:\users\tbradley\AppData\Local\temp
2011-08-18 00:50 . 2011-08-18 00:50 -------- d-----w- c:\users\lheiman\AppData\Local\temp
2011-08-16 22:01 . 2011-07-20 14:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1CB3736-525F-4ADC-97A2-4D8BE395F539}\mpengine.dll
2011-08-16 22:00 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-16 12:19 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-16 12:19 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-16 11:48 . 2011-08-16 11:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-16 11:44 . 2011-08-16 11:44 -------- d-----w- c:\windows\Sun
2011-08-16 11:43 . 2011-08-16 11:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-16 11:28 . 2011-08-16 11:29 -------- d-----w- c:\program files\Common Files\Adobe
2011-08-16 11:22 . 2011-08-16 11:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-08-16 09:27 . 2011-08-16 09:27 -------- d-----w- c:\users\admin\AppData\Local\Seven Zip
2011-08-16 08:38 . 2011-08-16 08:38 -------- d-----w- c:\program files\Windows Portable Devices
2011-08-16 01:26 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-08-16 01:26 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-16 01:26 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-16 01:23 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-16 01:23 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-16 01:23 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-08-16 01:20 . 2011-08-16 01:20 98816 ----a-w- c:\windows\system32\mfps.dll
2011-08-16 01:19 . 2011-08-16 01:19 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-16 01:19 . 2011-08-16 01:19 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-16 01:19 . 2011-08-16 01:19 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-16 01:19 . 2011-08-16 01:19 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-16 01:19 . 2011-08-16 01:19 519680 ----a-w- c:\windows\system32\d3d11.dll
2011-08-16 01:19 . 2011-08-16 01:19 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-16 01:19 . 2011-08-16 01:19 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-16 00:14 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-16 00:07 . 2011-01-20 16:08 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2011-08-16 00:07 . 2011-01-20 16:08 1029120 ----a-w- c:\windows\system32\d3d10.dll
2011-08-16 00:07 . 2011-01-20 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2011-08-16 00:07 . 2011-01-20 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2011-08-16 00:07 . 2011-02-22 13:33 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-08-16 00:07 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2011-08-16 00:07 . 2011-01-20 16:08 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-08-16 00:07 . 2011-01-20 16:08 189952 ----a-w- c:\windows\system32\d3d10core.dll
2011-08-16 00:07 . 2011-01-20 14:11 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2011-08-16 00:07 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-08-16 00:07 . 2011-01-20 14:28 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2011-08-16 00:07 . 2011-01-20 14:25 847360 ----a-w- c:\windows\system32\OpcServices.dll
2011-08-16 00:02 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-16 00:01 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-16 00:00 . 2011-06-20 08:54 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-16 00:00 . 2011-06-20 08:54 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-15 23:06 . 2011-08-15 23:06 -------- d-----w- c:\users\admin\AppData\Roaming\TOSHIBA
2011-08-15 18:36 . 2011-08-15 18:36 -------- d-----w- c:\windows\system32\ca-ES
2011-08-15 18:36 . 2011-08-15 18:36 -------- d-----w- c:\windows\system32\eu-ES
2011-08-15 18:36 . 2011-08-15 18:36 -------- d-----w- c:\windows\system32\vi-VN
2011-08-15 17:57 . 2011-08-15 17:57 -------- d-----w- c:\windows\system32\EventProviders
2011-08-15 17:55 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-08-15 17:55 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-08-15 16:44 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2011-08-15 16:30 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-08-15 16:28 . 2009-01-08 01:20 265720 ----a-w- c:\program files\Internet Explorer\msdbg2.dll
2011-08-15 16:28 . 2009-01-08 01:20 355832 ----a-w- c:\program files\Internet Explorer\pdm.dll
2011-08-15 14:10 . 2009-04-11 06:28 250368 ----a-w- c:\windows\system32\wevtapi.dll
2011-08-15 14:09 . 2009-04-11 06:28 67584 ----a-w- c:\windows\system32\regapi.dll
2011-08-15 14:08 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2011-08-15 14:08 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-08-15 14:08 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2011-08-15 14:08 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2011-08-15 14:08 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2011-08-15 14:08 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2011-08-15 14:08 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2011-08-15 14:08 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2011-08-15 14:08 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2011-08-15 14:08 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2011-08-15 14:08 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2011-08-15 13:59 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-15 13:59 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-15 13:59 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-15 13:59 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-15 13:59 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-15 13:49 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2011-08-15 13:35 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-08-15 13:35 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-08-15 13:35 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2011-08-15 13:34 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-08-15 13:34 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-08-15 13:34 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-08-15 13:33 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-08-15 13:33 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-15 13:33 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-15 13:33 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll
2011-08-15 13:33 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-08-15 13:33 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe
2011-08-15 13:31 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2011-08-15 13:30 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe
2011-08-15 13:30 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2011-08-15 13:30 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2011-08-15 13:30 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2011-08-15 13:30 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-08-15 13:30 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2011-08-15 13:29 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-08-15 13:29 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-08-15 13:29 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-15 13:28 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-08-15 13:14 . 2011-02-12 08:39 191488 ----a-w- c:\windows\system32\FXSCOVER.exe
2011-08-15 13:14 . 2009-04-11 06:28 840704 ----a-w- c:\windows\system32\WFS.exe
2011-08-15 13:11 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-15 11:20 . 2011-07-04 11:32 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-08-15 11:20 . 2011-07-04 11:36 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-08-15 11:20 . 2011-07-04 11:32 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-08-15 11:20 . 2011-07-04 11:35 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-08-15 11:20 . 2011-07-04 11:36 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-08-15 11:20 . 2011-07-04 11:32 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-08-15 11:18 . 2011-07-04 11:43 40112 ----a-w- c:\windows\avastSS.scr
2011-08-15 11:18 . 2011-07-04 11:43 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-08-15 11:18 . 2011-08-15 11:18 -------- d-----w- c:\programdata\AVAST Software
2011-08-15 11:18 . 2011-08-15 11:18 -------- d-----w- c:\program files\AVAST Software
2011-08-15 11:03 . 2011-08-15 11:04 -------- d-----w- c:\users\admin\AppData\Local\ApplicationHistory
2011-08-15 10:31 . 2011-08-15 10:31 -------- d-----w- C:\PerfLogs
2011-08-14 20:49 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-08-14 20:49 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2011-08-14 20:49 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2011-08-14 20:29 . 2008-01-19 07:29 705536 ----a-w- c:\windows\system32\imagesp1.dll
2011-08-14 20:29 . 2008-01-19 07:36 116736 ----a-w- c:\windows\system32\sstpsvc.dll
2011-08-14 20:29 . 2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
2011-08-14 20:27 . 2008-01-19 07:36 347648 ----a-w- c:\windows\system32\wmdrmnet.dll
2011-08-14 20:26 . 2008-01-19 07:36 300032 ----a-w- c:\windows\system32\puiobj.dll
2011-08-14 20:25 . 2008-01-19 07:33 22528 ----a-w- c:\windows\system32\blb_ps.dll
2011-08-14 20:24 . 2008-01-19 07:36 10752 ----a-w- c:\windows\system32\txfw32.dll
2011-08-14 20:23 . 2008-01-19 07:33 97280 ----a-w- c:\windows\system32\OptionalFeatures.exe
2011-08-14 20:22 . 2008-01-19 05:49 2048 ----a-w- c:\windows\system32\dmdskres2.dll
2011-08-14 20:22 . 2008-01-19 05:49 5504 ----a-w- c:\windows\system32\drivers\mspqm.sys
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-16 01:19 . 2011-08-16 01:19 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2011-08-15 09:51 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-08-15 09:51 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2006-12-04 00:03 2854912 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2007-04-20 430080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-25 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-25 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-25 138008]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2006-12-03 49168]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-25 4444160]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-03-22 448632]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 538744]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"Skytel"="Skytel.exe" [2007-04-13 1822720]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-12-03 23:50 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1001042732-2042417359-1096583672-1003\Scripts\Logoff\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1001042732-2042417359-1096583672-1003\Scripts\Logon\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\generalAlerts.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1001042732-2042417359-1096583672-1003\Scripts\Logon\0\1]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1143\Scripts\Logoff\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1143\Scripts\Logon\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\generalAlerts.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1143\Scripts\Logon\0\1]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1639\Scripts\Logoff\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1639\Scripts\Logon\0\0]
"Script"=c:\program files\DesktopCentral_Agent\scripts\generalAlerts.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3801153300-58154469-2640107458-1639\Scripts\Logon\0\1]
"Script"=c:\program files\DesktopCentral_Agent\scripts\UserLogonInfo.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 IO_Memory;IO_Memory;c:\windows\SYSTEM32\SYSPREP\Drivers\ioport.sys [x]
R3 ManageEngine Desktop Central 6 - Desktop Sharing;ManageEngine Desktop Central 6 - Desktop Sharing;c:\program files\DesktopCentral_Agent\\bin\RemoteDesktop.exe [2007-12-28 307200]
R3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\UP_date\PEDrv.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
R4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-04 135664]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i??????O?@?j??????@???x?????????
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
- - - - - - - > 'Explorer.exe'(1272)
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Protector Suite QL\upeksvr.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\toshiba\IVP\ISM\pinger.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2011-08-17 20:08:57 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-18 01:08
.
Pre-Run: 41,689,591,808 bytes free
Post-Run: 41,031,856,128 bytes free
.
- - End Of File - - 69B36A176EB7F6AB577C4673471974A4
#13 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 01:26 AM
If I try to click on any program on the laptop, I get a message that says - Illegal operation attempted on a registry key that has been marked for deletion.
#14 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 01:48 AM
Quote
Combofix log looks good now.
How is the computer doing at the moment?
Download OTL to your Desktop.
- Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
- Click the Scan All Users checkbox.
- Under the Custom Scan box paste this in:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
#15 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 02:23 AM
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\admin\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.69 Mb Total Physical Memory | 202.73 Mb Available Physical Memory | 20.00% Memory free
2.24 Gb Paging File | 1.25 Gb Available in Paging File | 55.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 38.32 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Computer Name: HM-LISALAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/17 20:56:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/01/31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/12/06 08:16:22 | 000,200,704 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynToshiba.exe
PRC - [2007/05/22 18:32:52 | 000,538,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
PRC - [2007/05/17 22:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2007/05/17 18:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2007/04/25 13:14:16 | 004,444,160 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/20 17:09:16 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2007/04/10 18:40:28 | 000,413,696 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
PRC - [2007/03/29 12:39:18 | 000,411,192 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
PRC - [2007/03/22 13:46:54 | 000,448,632 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe
PRC - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/12/03 18:51:38 | 000,021,504 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2006/12/03 18:34:56 | 000,054,288 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2006/11/15 00:02:36 | 001,372,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/11/14 23:19:42 | 000,405,504 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
========== Modules (No Company Name) ==========
MOD - [2011/08/16 04:52:19 | 000,519,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\TCrdMain\3cb26fd553d96eef37800935d0c71293\TCrdMain.ni.exe
MOD - [2011/08/16 03:47:56 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/16 03:47:41 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/16 03:46:57 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\6a38f370d4e68b65106d1065d0b77067\PresentationFramework.Aero.ni.dll
MOD - [2011/08/16 03:46:53 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\180849cb54aab0bc77a229c41f967c90\PresentationFramework.ni.dll
MOD - [2011/08/16 03:46:20 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\cbe5fbb2e20534d89c0588cc05418840\PresentationCore.ni.dll
MOD - [2011/08/16 03:46:00 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9afe86eee3ddf79c5f6cf5d85873c464\WindowsBase.ni.dll
MOD - [2011/08/16 03:45:55 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/16 03:44:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2007/05/22 13:39:00 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2007/05/17 18:03:24 | 004,813,312 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
MOD - [2007/04/23 12:38:08 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\ConfigFree\NotifyCFF.dll
MOD - [2007/04/20 17:09:16 | 000,430,080 | ---- | M] () -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
MOD - [2006/12/01 20:55:42 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\TBS\NotifyTBS.dll
MOD - [2006/11/09 20:27:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\TWarnMsg\TWarnMsg.dll
MOD - [2006/11/08 20:08:30 | 000,009,216 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll
MOD - [2006/10/10 13:44:16 | 000,009,728 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Assist\NotifyX.dll
MOD - [2006/10/07 13:57:04 | 000,053,248 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Disc Creator\NotifyTDC.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/27 21:29:30 | 000,307,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DesktopCentral_Agent\bin\RemoteDesktop.exe -- (ManageEngine Desktop Central 6 - Desktop Sharing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/05/17 22:12:30 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2007/03/29 12:39:20 | 000,427,576 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2007/02/25 23:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/25 19:50:26 | 000,063,096 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 19:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2007/01/11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [On_Demand | Stopped] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2006/11/14 22:33:10 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2006/10/05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/08/23 18:39:48 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/25 20:30:16 | 000,114,688 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
========== Driver Services (SafeList) ==========
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/27 22:13:58 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2007/04/16 12:19:10 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/01/24 16:44:06 | 000,290,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/01/03 03:43:19 | 000,479,488 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr3npxp.sys -- (KR3NPXP)
DRV - [2007/01/03 03:43:19 | 000,207,104 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2007/01/03 03:43:18 | 000,216,320 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/28 17:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 00:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/10/18 13:50:04 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2006/10/06 00:22:14 | 000,016,768 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2011/08/17 19:54:25 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1001042732-2042417359-1096583672-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\Toshiba-1.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011/08/17 20:56:28 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011/08/17 19:54:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/17 19:50:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/17 19:42:41 | 000,000,000 | ---D | C] -- C:\jalpert
[2011/08/17 19:23:18 | 004,176,704 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\jalpert.exe
[2011/08/17 19:16:10 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/08/17 18:51:19 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/17 18:51:19 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/17 18:51:19 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/17 18:51:07 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/17 18:51:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/16 07:19:35 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/08/16 07:19:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/16 07:19:30 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/08/16 07:11:11 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\Tools
[2011/08/16 06:44:33 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011/08/16 06:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/08/16 06:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/08/16 06:28:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/08/16 06:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/08/16 04:27:10 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Seven Zip
[2011/08/16 03:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/08/15 18:51:14 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/08/15 18:06:15 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\TOSHIBA
[2011/08/15 13:36:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/08/15 13:36:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/08/15 13:36:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/08/15 12:57:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011/08/15 08:50:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/08/15 07:44:03 | 000,000,000 | -HSD | C] -- C:\Users\admin\Desktop\%USERPROFILE%
[2011/08/15 06:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/08/15 06:20:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011/08/15 06:20:10 | 000,309,848 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011/08/15 06:20:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011/08/15 06:20:05 | 000,043,608 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011/08/15 06:20:03 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011/08/15 06:20:01 | 000,054,104 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011/08/15 06:18:42 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011/08/15 06:18:42 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/08/15 06:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/08/15 06:18:13 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/08/15 06:03:45 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\ApplicationHistory
[2011/08/15 05:31:45 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011/08/10 06:25:30 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2011/08/10 06:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/10 06:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/08/17 20:57:59 | 000,604,012 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/17 20:57:59 | 000,105,040 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/17 20:56:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011/08/17 20:52:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 20:52:44 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/17 20:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/17 20:52:00 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 19:54:25 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/08/17 19:38:06 | 001,008,092 | ---- | M] () -- C:\Users\admin\Desktop\rkill.exe
[2011/08/17 19:37:48 | 001,008,092 | ---- | M] () -- C:\Users\admin\Desktop\rkill.scr
[2011/08/17 19:32:34 | 222,134,721 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/08/17 19:28:42 | 004,176,704 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\jalpert.exe
[2011/08/17 19:24:15 | 001,008,092 | ---- | M] () -- C:\Users\admin\Desktop\rkill.com
[2011/08/16 06:49:45 | 000,000,543 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/08/16 05:46:37 | 000,403,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/16 03:45:49 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/08/16 03:38:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/15 20:22:11 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/08/15 20:22:11 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/08/15 20:21:53 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/08/15 17:52:36 | 004,673,763 | ---- | M] () -- C:\Users\admin\Documents\Toshiba User Guide.pdf
[2011/08/15 13:34:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/15 06:20:12 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/15 06:20:01 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/08/15 04:51:40 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011/08/15 04:51:12 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011/08/14 16:09:19 | 055,803,904 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/14 16:09:19 | 000,049,152 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/14 16:09:19 | 000,016,384 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/14 13:32:45 | 000,000,067 | ---- | M] () -- C:\Windows\swupdate.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/08/17 19:51:55 | 1063,706,624 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/17 19:40:37 | 001,008,092 | ---- | C] () -- C:\Users\admin\Desktop\rkill.exe
[2011/08/17 19:40:30 | 001,008,092 | ---- | C] () -- C:\Users\admin\Desktop\rkill.scr
[2011/08/17 19:24:07 | 001,008,092 | ---- | C] () -- C:\Users\admin\Desktop\rkill.com
[2011/08/17 18:51:19 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/17 18:51:19 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/17 18:51:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/17 18:51:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/17 18:51:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/16 06:29:40 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/08/16 03:38:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/08/15 20:21:53 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/08/15 18:50:47 | 222,134,721 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/08/15 17:52:16 | 004,673,763 | ---- | C] () -- C:\Users\admin\Documents\Toshiba User Guide.pdf
[2011/08/15 13:34:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011/08/15 11:44:28 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/08/15 11:44:25 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/08/15 09:11:16 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011/08/15 09:11:13 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011/08/15 09:11:02 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011/08/15 09:11:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/08/15 09:10:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/08/15 09:10:56 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011/08/15 09:10:51 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011/08/15 09:10:32 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011/08/15 09:10:28 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011/08/15 09:09:35 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/08/15 09:09:27 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011/08/15 09:09:08 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011/08/15 08:48:40 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/08/15 08:48:40 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/08/15 08:48:40 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/08/15 06:20:12 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/08/15 05:52:40 | 000,000,960 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/08/14 16:01:54 | 055,803,904 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011/08/14 16:01:54 | 000,049,152 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011/08/14 16:01:54 | 000,016,384 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011/08/14 15:27:28 | 000,147,439 | ---- | C] () -- C:\Windows\System32\gpedit.msc
[2011/08/14 15:23:42 | 000,128,482 | ---- | C] () -- C:\Windows\System32\manage-bde.wsf
[2011/08/14 15:23:11 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2011/08/14 15:22:48 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011/08/14 15:22:45 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2011/08/14 15:22:31 | 000,120,458 | ---- | C] () -- C:\Windows\System32\secpol.msc
[2011/08/14 15:22:28 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2011/08/14 15:22:28 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2011/08/14 14:31:15 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/08/14 14:31:09 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011/05/04 08:56:51 | 000,192,474 | ---- | C] () -- C:\Windows\hpwins22.dat
[2011/05/04 08:56:51 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat
[2009/09/02 21:13:28 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/09/02 21:12:10 | 000,000,065 | ---- | C] () -- C:\Windows\System32\bd7040.dat
[2009/09/02 21:09:58 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/09/02 21:06:33 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2008/05/03 11:23:47 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/04/26 12:31:29 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/04/26 12:31:29 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/04/26 12:31:28 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/04/26 12:31:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007/06/11 19:09:04 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007/06/11 18:44:51 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007/06/11 18:44:51 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007/06/11 18:44:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007/06/11 18:44:51 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007/06/11 18:44:51 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007/06/11 18:44:51 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007/06/11 18:06:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ3.dat
[2007/06/11 18:06:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ2.dat
[2007/06/11 18:06:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2007/06/11 18:06:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2007/05/22 14:51:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1280.dll
[2007/05/22 14:26:48 | 000,910,720 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/05/22 13:39:00 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/03/06 18:54:04 | 000,995,328 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/12/05 15:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 07:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,403,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,012 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,105,040 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 19:27:08 | 000,292,352 | ---- | C] () -- C:\Windows\System32\libxml2.dll
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/07/22 23:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
========== LOP Check ==========
[2011/08/15 18:06:15 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TOSHIBA
[2011/08/17 20:51:05 | 000,022,424 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2006/09/18 16:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2006/11/02 04:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2007/06/11 18:03:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011/08/17 20:09:01 | 000,024,750 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/08/17 20:52:00 | 1063,706,624 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/17 20:51:57 | 1377,505,280 | -HS- | M] () -- C:\pagefile.sys
[2011/08/17 19:41:59 | 000,000,366 | ---- | M] () -- C:\rkill.log
< %systemroot%\Fonts\*.com >
[2006/11/02 07:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2011/08/15 13:21:16 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/05/14 14:56:34 | 000,319,488 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp02t.dll
[2006/11/02 07:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2011/07/04 06:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2011/08/15 05:50:20 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2007/06/11 18:03:11 | 007,147,520 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/06/11 18:03:09 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/06/11 18:03:11 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/06/11 18:03:16 | 016,031,744 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/06/11 18:03:18 | 006,070,272 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/08/16 03:45:49 | 000,000,221 | -HS- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
< %USERPROFILE%\Desktop\*.exe >
[2011/08/17 19:28:42 | 004,176,704 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\jalpert.exe
[2011/08/17 20:56:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2011/08/17 19:38:06 | 001,008,092 | ---- | M] () -- C:\Users\admin\Desktop\rkill.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2006/11/02 07:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2008/06/14 11:16:29 | 000,000,402 | -HS- | M] () -- C:\Users\admin\Favorites\desktop.ini
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
[2011/05/04 09:16:48 | 000,000,432 | ---- | M] () -- C:\ProgramData\hpzinstall.log
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
< %SYSTEMROOT%\Installer\*.exe >
[2007/04/27 17:59:24 | 000,593,984 | ---- | M] (Intel Corporation) -- C:\Windows\Installer\iProInst.exe
[3 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.* >
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-17 10:19:45
< End of report >
OTL Extras logfile created on: 8/17/2011 9:00:28 PM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\admin\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1013.69 Mb Total Physical Memory | 202.73 Mb Available Physical Memory | 20.00% Memory free
2.24 Gb Paging File | 1.25 Gb Available in Paging File | 55.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.06 Gb Total Space | 38.32 Gb Free Space | 52.45% Space Free | Partition Type: NTFS
Computer Name: HM-LISALAPTOP | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4DAB0B71-B389-45CE-BB53-AEE4F3B71417}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7EB5A1ED-AB59-46F4-ACD1-800D925DDD43}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0226DAF8-D69A-415F-93E2-DA6ED7E3C4F0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{2C107ACB-1D1B-4C9A-8C15-4E75D98D860D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{44621F0C-7B87-40A5-AB23-6642D663A44D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{4FE23D9F-D6D3-4D4A-8AFC-2471B41F23C5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{5961CED1-453B-4DF0-9A26-AFFBBF0D04CD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A1B90C82-2131-4A42-9E5D-828B6DDF7458}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A799F99A-E69B-49C4-B565-F8F378D72E54}" = dir=in | app=c:\users\admin\appdata\local\temp\7zs165d\ojp8500va909_basic_14\setup\hpznui01.exe |
"{AD8335CF-F112-4300-B386-9C5CB647765E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B96D7FE4-3934-4795-A53D-F051293FC39D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CAD981B3-1DF0-4AEF-8C33-86341055DEDC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{F5774640-DAFD-42B7-B977-0942C5D3E1C7}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0E9C4531-58C4-4349-AD2F-A4D999E451EC}" = TOSHIBA Music
"{10113A44-CBFF-4FF7-8A13-BD1EC4180C56}" = Protector Suite QL 5.6
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2BDF38E0-1A7F-4220-B4B7-118DD45E5E13}" = TOSHIBA Supervisor Password
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3D73DC7A-2D1D-45CF-8A67-24873925C716}" = bpd_scan
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{643F4F69-5A6A-4B52-BD56-5909800B556F}" = 8500A909_Help_BasicWeb
"{6AD2231F-FF48-4D59-AC26-405AFAE23DB7}" = ManageEngine Desktop Central 6 - Agent
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8ECB8220-F420-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008 (Plus Pack)
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{978AFF1A-B939-4177-B85A-C87B1867AC5C}" = 8500A909_BasicWeb
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A7A02E23-805C-4AAC-B408-D59A1D53AEA6}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AD0AA962-111E-41D5-A705-0E3D9178A661}" = BPDSoftware_Ini
"{B1054C0C-0C16-41E1-8A9D-35F065793E92}" = HP Officejet Pro 8500 A909 Series
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BFC85CDC-BD7C-4FDD-9507-8D74B5A79404}" = TOSHIBA Hardware Setup
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast" = avast! Free Antivirus
"EPSON Printer and Utilities" = EPSON Printer Software
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"oggcodecs" = oggcodecs 0.71.0946
"ProInst" = Intel® PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"YTdetect" = Yahoo! Detect
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/17/2011 8:11:36 PM | Computer Name = hm-lisalaptop | Source = EventSystem | ID = 4609
Description =
Error - 8/17/2011 8:19:02 PM | Computer Name = hm-lisalaptop | Source = DesktopCentral | ID = 103
Description = Unable to query the configurations from the machine running Desktop
Central Server. The Desktop Central Server is down or machine running Desktop
Central is down or is being blocked by the firewall in the machine running Desktop
Central Server.
Error - 8/17/2011 8:19:54 PM | Computer Name = hm-lisalaptop | Source = DesktopCentral | ID = 103
Description = Unable to query the configurations from the machine running Desktop
Central Server. The Desktop Central Server is down or machine running Desktop
Central is down or is being blocked by the firewall in the machine running Desktop
Central Server.
Error - 8/17/2011 8:33:23 PM | Computer Name = hm-lisalaptop | Source = EventSystem | ID = 4609
Description =
Error - 8/17/2011 8:42:03 PM | Computer Name = hm-lisalaptop | Source = EventSystem | ID = 4609
Description =
Error - 8/17/2011 8:49:45 PM | Computer Name = hm-lisalaptop | Source = EventSystem | ID = 4609
Description =
Error - 8/17/2011 8:54:59 PM | Computer Name = hm-lisalaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe_gpsvc, version 6.0.6001.18000, time
stamp 0x47918b89, faulting module gpsvc.dll, version 6.0.6002.18005, time stamp
0x49e0372b, exception code 0xc0000005, fault offset 0x0000e1b3, process id 0xf1c,
application start time 0x01cc5d4170253754.
Error - 8/17/2011 9:01:00 PM | Computer Name = hm-lisalaptop | Source = DesktopCentral | ID = 103
Description = Unable to query the configurations from the machine running Desktop
Central Server. The Desktop Central Server is down or machine running Desktop
Central is down or is being blocked by the firewall in the machine running Desktop
Central Server.
Error - 8/17/2011 9:53:17 PM | Computer Name = hm-lisalaptop | Source = DesktopCentral | ID = 103
Description = Unable to query the configurations from the machine running Desktop
Central Server. The Desktop Central Server is down or machine running Desktop
Central is down or is being blocked by the firewall in the machine running Desktop
Central Server.
Error - 8/17/2011 9:53:33 PM | Computer Name = hm-lisalaptop | Source = DesktopCentral | ID = 103
Description = Unable to query the configurations from the machine running Desktop
Central Server. The Desktop Central Server is down or machine running Desktop
Central is down or is being blocked by the firewall in the machine running Desktop
Central Server.
[ System Events ]
Error - 8/17/2011 8:50:20 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7001
Description =
Error - 8/17/2011 8:50:53 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7030
Description =
Error - 8/17/2011 8:53:34 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7024
Description =
Error - 8/17/2011 8:53:34 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7000
Description =
Error - 8/17/2011 8:53:34 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7023
Description =
Error - 8/17/2011 8:53:34 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7031
Description =
Error - 8/17/2011 8:55:32 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7031
Description =
Error - 8/17/2011 9:01:12 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7022
Description =
Error - 8/17/2011 9:52:49 PM | Computer Name = hm-lisalaptop | Source = Print | ID = 19
Description = The print spooler failed to share printer QuickBooks PDF Converter
with shared resource name QuickBooks PDF Converter. Error 2114. The printer cannot
be used by others on the network.
Error - 8/17/2011 9:53:38 PM | Computer Name = hm-lisalaptop | Source = Service Control Manager | ID = 7000
Description =
< End of report >
#17 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 02:56 AM
Computer seems to be running good right now. CPU usage is down and so is memory usage so it is a little snappier (is that a word) than before.
#19 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 03:18 AM
OTL log looks perfectly fine.
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
- NOTE: If ESET doesn't find any threats, it won't produce any log.
#20 Re: [RESOLVED] Need help cleaning up laptop
Posted 18 August 2011 - 03:27 AM
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java 6 Update 26
Java SE Runtime Environment 6
Out of date Java installed!
Adobe Flash Player
Adobe Reader X (10.1.0)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
ESET Online scanner doesn't seem to be available right now.