Hi,
I'm concerned I have viruses or something bad on my computer, as when I try to run virus scans, they freeze the computer and so I have to close the whole thing down.
I have tried running scans with Avast! and Malwarebytes and they both freeze.
I have seen a couple of dodgy programs in Control Panel, but when I try to remove them, they come back, so basically I want to make sure the computer is not infected with anything and get it back to normal.
HIJACK THIS
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:26, on 23/05/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Users\Gubbins\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e65b88a2-1a0a-4c32-b8a1-5756716edcbd&searchtype=ds&q={searchTerms}&installDate=06/03/2013
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e65b88a2-1a0a-4c32-b8a1-5756716edcbd&searchtype=ds&q={searchTerms}&installDate=06/03/2013
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e65b88a2-1a0a-4c32-b8a1-5756716edcbd&searchtype=ds&q={searchTerms}&installDate=06/03/2013
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10608 bytes
DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576
Run by Gubbins at 19:26:20 on 2013-05-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2812.1504 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e65b88a2-1a0a-4c32-b8a1-5756716edcbd&searchtype=ds&q={searchTerms}&installDate=06/03/2013
uSearchAssistant = hxxp://feed.snap.do/?publisher=TightropeYB&dpid=TightropeYB&co=GB&userid=e65b88a2-1a0a-4c32-b8a1-5756716edcbd&searchtype=ds&q={searchTerms}&installDate=06/03/2013
mWinlogon: Userinit = userinit.exe,
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
TB: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
uRun: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
mRun: [NBAgent] "c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8D4190F4-D4B5-462F-A6C4-CB88E18C5670} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8D4190F4-D4B5-462F-A6C4-CB88E18C5670}\4596D6F6478697 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93771F3B-6276-44FE-8A45-D5313DE90EAD} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-25 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-25 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-9 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-9 378432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-28 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-9 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-9 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-11-28 1811456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-30 3027840]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-6 23552]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-11-28 20592]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-11-28 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 344680]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-11-28 932384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-11-28 232992]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-28 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-13 1255736]
.
=============== Created Last 30 ================
.
2013-05-23 17:05:20 -------- d-----w- C:\Program Files (x86)\Ask.com
2013-05-21 09:53:19 -------- d-----w- C:\Users\Gubbins\AppData\Roaming\Malwarebytes
2013-05-21 09:53:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-21 09:53:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-21 09:53:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 09:52:39 -------- d-----w- C:\Users\Gubbins\AppData\Local\Programs
2013-05-21 09:30:46 -------- d-----w- C:\Program Files\iPod
2013-05-21 09:30:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-21 09:30:45 -------- d-----w- C:\Program Files\iTunes
2013-05-21 09:30:45 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-21 09:25:07 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09E7F397-A643-46BC-967F-6D9D761D8D8D}\mpengine.dll
2013-05-21 07:31:27 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2013-05-21 07:28:09 -------- d-----w- C:\Users\Gubbins\AppData\Roaming\WinPatrol
2013-05-21 07:28:04 -------- d-----w- C:\ProgramData\InstallMate
2013-05-21 07:28:04 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-05-01 16:52:46 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-24 15:44:02 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-15 19:15:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:15:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 01:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 16:52:39 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-01 16:52:39 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-04-23 14:14:05 57 ----a-w- C:\ProgramData\ocejolb.bat
2013-04-23 14:14:05 153 ----a-w- C:\ProgramData\ocejolb.reg
2013-04-23 14:13:51 44544 ----a-w- C:\ProgramData\rundll32.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-06 06:51:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 19:26:56.90 ===============
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2012 17:32:22
System Uptime: 23/05/2013 18:06:56 (1 hours ago)
.
Motherboard: TOSHIBA | | PWWAE
Processor: AMD Athlon(tm) II P360 Dual-Core Processor | Socket M2/S1G1 | 1679/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 22.606 GiB free.
D: is FIXED (NTFS) - 223 GiB total, 215.713 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP142: 21/05/2013 08:37:06 - avast! Free Antivirus Setup
RP143: 21/05/2013 10:22:30 - Windows Update
RP144: 21/05/2013 10:27:41 - Installed iTunes
RP145: 21/05/2013 10:42:09 - Installed Adobe Reader XI.
RP146: 21/05/2013 10:49:53 - avast! Free Antivirus Setup
RP147: 23/05/2013 18:03:56 - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Advertising Center
ALTools Update
ALZip 8.51
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
avast! Free Antivirus
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
FastStone Image Viewer 4.7
FileHippo.com Update Checker
ImagXpress
iTunes
Java 7 Update 21 (64-bit)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
Opera 12.15
Photo Service - powered by myphotobook
PlayReady PC Runtime amd64
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Click to Call
Skype 6.3
Synaptics Pointing Device Driver
TeamViewer 7
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
Windows Live Sync
Windows Live Upload Tool
WinPatrol
Yontoo 2.04.1
.
==== Event Viewer Messages From Past Week ========
.
21/05/2013 16:40:45, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
21/05/2013 12:40:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
21/05/2013 10:27:36, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/05/2013 08:54:14, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Gubbins-TOSH\Gubbins (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
ARK
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-23 19:41:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b TOSHIBA_ rev.GH10 298.09GB
Running: oqjelw3l.exe; Driver: C:\Users\Gubbins\AppData\Local\Temp\pxliapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002df5000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002df500e 3 bytes [00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[1576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[2148] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100181014
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100180804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100180a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100180c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100180e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001001801f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001001803fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100180600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 00000001001c1014
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 00000001001c0804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 00000001001c0a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 3 bytes JMP 00000001001c0c0c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A + 4 0000000075eb54c6 1 byte [8A]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 00000001001c0e10
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001001c01f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001001c03fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 00000001001c0600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001001d01f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001001d03fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 00000001001d0804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 00000001001d0600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 00000001001d0a08
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010018075c
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001001803a4
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100180b14
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100180ecc
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010018163c
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100181284
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001001819f4
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\system32\svchost.exe[3004] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010042075c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001004203a4
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100420b14
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100420ecc
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010042163c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100421284
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001004219f4
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe[3400] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100261014
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100260c0c
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100260e10
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe[3484] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100260600
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010021075c
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001002103a4
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100210b14
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100210ecc
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010021163c
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100211284
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001002119f4
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\System32\svchost.exe[3548] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3604] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010029075c
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001002903a4
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100290b14
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100290ecc
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010029163c
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100291284
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001002919f4
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\system32\SearchIndexer.exe[3764] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010030075c
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003003a4
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100300b14
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100300ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010030163c
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100301284
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003019f4
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\system32\wbem\wmiprvse.exe[4048] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Windows\system32\taskhost.exe[1972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010016075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760f1465 2 bytes [0F, 76]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760f14bb 2 bytes [0F, 76]
.text ... * 2
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100151014
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100150c0c
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100150e10
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100150600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001003c075c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003c03a4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001003c0b14
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001003c0ecc
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001003c163c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001003c1284
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003c19f4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001001e075c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001001e03a4
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001001e0b14
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001001e0ecc
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001001e163c
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001001e1284
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3356] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001001e19f4
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100251014
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100250c0c
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100250e10
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe[2040] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100250600
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001003a075c
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003a03a4
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001003a0b14
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001003a0ecc
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001003a163c
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001003a1284
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003a19f4
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\system32\taskeng.exe[4108] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010033075c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003303a4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100330b14
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100330ecc
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010033163c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100331284
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003319f4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[4992] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010026075c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001002603a4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100260b14
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100260ecc
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010026163c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100261284
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001002619f4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[4856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010017075c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001001703a4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100170b14
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100170ecc
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010017163c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100171284
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001001719f4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\system32\taskhost.exe[3128] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100241014
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100240804
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100240a08
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100240c0c
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100240e10
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001002401f8
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001002403fc
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100240600
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001002601f8
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001002603fc
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100260804
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100260600
.text C:\Users\Gubbins\Desktop\oqjelw3l.exe[4188] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100260a08
---- Threads - GMER 2.1 ----
Thread C:\Windows\system32\svchost.exe [1540:1712] 000007fef30b2888
Thread C:\Windows\system32\svchost.exe [1540:2636] 000007fef30b2a40
Thread C:\Windows\System32\svchost.exe [3548:3980] 000007fef5b79688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:3648] 000007fefd9a0168
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:3680] 000007fefb7f2a7c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:3688] 000007fef621d618
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:3956] 000007fef9555124
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:4032] 000007fef61b9730
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3604:4036] 000007fef621d618
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll, bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 108477
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll, bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 9
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 108477
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
---- EOF - GMER 2.1 ----
Many thanks,
Gubbo
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8D4190F4-D4B5-462F-A6C4-CB88E18C5670} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{8D4190F4-D4B5-462F-A6C4-CB88E18C5670}\4596D6F6478697 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{93771F3B-6276-44FE-8A45-D5313DE90EAD} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [SmartFaceVWatcher] C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaReminder.exe
x64-Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
x64-Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-25 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-25 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-1-9 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-1-9 378432]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-11-28 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-1-9 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-1-9 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-21 46808]
R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2011-11-28 1811456]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-30 3027840]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-3-6 23552]
R3 CeKbFilter;CeKbFilter;C:\Windows\System32\drivers\CeKbFilter.sys [2011-11-28 20592]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2011-11-28 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-8-31 344680]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-11-28 932384]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-11-28 232992]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-5-11 124368]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-11-28 51512]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-1-15 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-1-13 1255736]
.
=============== Created Last 30 ================
.
2013-05-23 17:05:20 -------- d-----w- C:\Program Files (x86)\Ask.com
2013-05-21 09:53:19 -------- d-----w- C:\Users\Gubbins\AppData\Roaming\Malwarebytes
2013-05-21 09:53:03 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-21 09:53:00 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-21 09:53:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-21 09:52:39 -------- d-----w- C:\Users\Gubbins\AppData\Local\Programs
2013-05-21 09:30:46 -------- d-----w- C:\Program Files\iPod
2013-05-21 09:30:45 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-21 09:30:45 -------- d-----w- C:\Program Files\iTunes
2013-05-21 09:30:45 -------- d-----w- C:\Program Files (x86)\iTunes
2013-05-21 09:25:07 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{09E7F397-A643-46BC-967F-6D9D761D8D8D}\mpengine.dll
2013-05-21 07:31:27 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2013-05-21 07:28:09 -------- d-----w- C:\Users\Gubbins\AppData\Roaming\WinPatrol
2013-05-21 07:28:04 -------- d-----w- C:\ProgramData\InstallMate
2013-05-21 07:28:04 -------- d-----w- C:\Program Files (x86)\BillP Studios
2013-05-01 16:52:46 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-24 15:44:02 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2013-05-15 19:15:11 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 19:15:11 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:07 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-05-09 08:59:07 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr
2013-05-02 01:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-05-01 16:52:39 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-05-01 16:52:39 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-04-23 14:14:05 57 ----a-w- C:\ProgramData\ocejolb.bat
2013-04-23 14:14:05 153 ----a-w- C:\ProgramData\ocejolb.reg
2013-04-23 14:13:51 44544 ----a-w- C:\ProgramData\rundll32.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-04-06 06:51:22 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:53:58 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-03-19 05:53:58 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-02-27 06:02:44 111448 ----a-w- C:\Windows\System32\consent.exe
2013-02-27 05:48:00 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-02-27 05:47:10 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-02-27 04:49:24 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
.
============= FINISH: 19:26:56.90 ===============
ATTACH
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 05/01/2012 17:32:22
System Uptime: 23/05/2013 18:06:56 (1 hours ago)
.
Motherboard: TOSHIBA | | PWWAE
Processor: AMD Athlon(tm) II P360 Dual-Core Processor | Socket M2/S1G1 | 1679/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 22.606 GiB free.
D: is FIXED (NTFS) - 223 GiB total, 215.713 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP142: 21/05/2013 08:37:06 - avast! Free Antivirus Setup
RP143: 21/05/2013 10:22:30 - Windows Update
RP144: 21/05/2013 10:27:41 - Installed iTunes
RP145: 21/05/2013 10:42:09 - Installed Adobe Reader XI.
RP146: 21/05/2013 10:49:53 - avast! Free Antivirus Setup
RP147: 23/05/2013 18:03:56 - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Advertising Center
ALTools Update
ALZip 8.51
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
ATI Catalyst Install Manager
avast! Free Antivirus
Bonjour
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
FastStone Image Viewer 4.7
FileHippo.com Update Checker
ImagXpress
iTunes
Java 7 Update 21 (64-bit)
Java Auto Updater
Java(TM) 6 Update 20
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4 Client Profile
Microsoft Mouse and Keyboard Center
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9 Essentials
Nero BackItUp
Nero BackItUp and Burn
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent
Nero StartSmart
Nero StartSmart Help
NeroExpress
neroxml
Opera 12.15
Photo Service - powered by myphotobook
PlayReady PC Runtime amd64
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Skype Click to Call
Skype 6.3
Synaptics Pointing Device Driver
TeamViewer 7
TOSHIBA Assist
TOSHIBA Bulletin Board
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Manuals
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA Online Product Information
TOSHIBA Recovery Media Creator
TOSHIBA Recovery Media Creator Reminder
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Supervisor Password
Toshiba TEMPRO
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TRORMCLauncher
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Utility Common Driver
Windows Live Sync
Windows Live Upload Tool
WinPatrol
Yontoo 2.04.1
.
==== Event Viewer Messages From Past Week ========
.
21/05/2013 16:40:45, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
21/05/2013 12:40:52, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
21/05/2013 10:27:36, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
19/05/2013 08:54:14, Error: Microsoft-Windows-Bits-Client [16398] - A new BITS job could not be created. The current job count for the user Gubbins-TOSH\Gubbins (60) is equal to or greater than the job limit (60) specified through group policy. To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
.
==== End Of File ===========================
ARK
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-05-23 19:41:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005b TOSHIBA_ rev.GH10 298.09GB
Running: oqjelw3l.exe; Driver: C:\Users\Gubbins\AppData\Local\Temp\pxliapog.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002df5000 13 bytes [D2, 48, 8B, CB, E8, DF, C2, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 574 fffff80002df500e 3 bytes [00, 00, 00]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[516] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\services.exe[580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\atiesrxx.exe[896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[968] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[368] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[432] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1504] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1540] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1616] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1648] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe[1736] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe[1780] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[2032] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe[1576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe[2148] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100181014
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100180804
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100180a08
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100180c0c
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100180e10
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001001801f8
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001001803fc
.text C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[2624] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100180600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 00000001001c1014
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 00000001001c0804
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3432] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001003b075c
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003b03a4
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001003b0b14
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001003b0ecc
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001003b163c
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001003b1284
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003b19f4
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[2380] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[1396] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001005f075c
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001005f03a4
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001005f0b14
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001005f0ecc
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001005f163c
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001005f1284
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001005f19f4
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3820] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001003c075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003c03a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001003c0b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001003c0ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001003c163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001003c1284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003c19f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3692] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010046075c
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001004603a4
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100460b14
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100460ecc
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010046163c
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100461284
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001004619f4
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Windows\System32\svchost.exe[3780] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001001a075c
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001001a03a4
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001001a0b14
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001001a0ecc
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001001a163c
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001001a1284
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001001a19f4
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe[3204] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010044075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001004403a4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100440b14
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100440ecc
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010044163c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100441284
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001004419f4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe[2596] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 000000010020075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001002003a4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 0000000100200b14
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 0000000100200ecc
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 000000010020163c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 0000000100201284
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001002019f4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe[3268] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000760f1465 2 bytes [0F, 76]
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000760f14bb 2 bytes [0F, 76]
.text ... * 2
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075a2ee09 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075a33982 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075a37603 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075a3835c 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075a4f52b 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075eb5181 5 bytes JMP 0000000100151014
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075eb5254 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 0000000075eb53d5 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 0000000075eb54c2 5 bytes JMP 0000000100150c0c
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 0000000075eb55e2 5 bytes JMP 0000000100150e10
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 0000000075eb567c 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 0000000075eb589f 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3088] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075eb5a22 5 bytes JMP 0000000100150600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3140] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077343ae0 5 bytes JMP 00000001003c075c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077347a90 5 bytes JMP 00000001003c03a4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077371490 5 bytes JMP 00000001003c0b14
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000773714f0 5 bytes JMP 00000001003c0ecc
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773715d0 5 bytes JMP 00000001003c163c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077371810 5 bytes JMP 00000001003c1284
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077372840 5 bytes JMP 00000001003c19f4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007725eecd 1 byte [62]
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefee76e00 5 bytes JMP 000007ff7ee91dac
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefee76f2c 5 bytes JMP 000007ff7ee90ecc
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefee77220 5 bytes JMP 000007ff7ee91284
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefee7739c 5 bytes JMP 000007ff7ee9163c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefee77538 5 bytes JMP 000007ff7ee919f4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefee775e8 5 bytes JMP 000007ff7ee903a4
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefee7790c 5 bytes JMP 000007ff7ee9075c
.text C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe[3960] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefee77ab4 5 bytes JMP 000007ff7ee90b14
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007751faa0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007751fb38 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007751fc90 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077520018 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077521900 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007753c45a 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077541217 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe[1232] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000752ba30a 1 byte [62]
---- Threads - GMER 2.1 ----
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and implements avast! antivirus services for this computer. This includes the resident protection, the virus chest and the scheduler.
---- EOF - GMER 2.1 ----
Many thanks,
Gubbo