Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus!!! MBAM and AVAST says nothing!!


  • This topic is locked This topic is locked
15 replies to this topic

#1 xxEMOxx

xxEMOxx

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 18 August 2011 - 08:12 PM

Ok, so I have AVAST and MBAM and both say my p.c. is ok.

Hitman Pro shows 1 thing with is ATIDEMGX32.dll when I go to get info it says, Bulletstorm and People can Fly or some crap!!!

I cannot delete this manually..... and I am thinking its the only thing left i can think of.

I would prefer not to have buy a new virus scanner, such as HitMan Pro or anything else. Also if at all possible I would like to avoid having to buy or give credit card info to register any new software..... even if its only a "trial" basis. Shareware, FreeWare and etc. from legit sources is ok.

I have many of the programs reccomended here such as ComboFix, Hijackthis, MBAM, AVAST, and others RKill, I cant name em all, I just prefer not to mess with them without guidance as I do not wish to do more damage.

I had an issue about a week ago, to run something called jucheck.exe I believe. When I googled it, it said it was a Java Update, yet I have feeling that is what caused the issue.

I am normally pretty good about virus removal and prevention and thus.

My O.S. is : Windows Vista Prem.

I run FireFox 3.16 I believe.

I am in the process of running a MBAM quick scan and will attach the log when finished.

Please help me guys as this google redirecting stuff is getting sickingly annoying!!!!

MBAM Current log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7482

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

8/18/2011 6:11:58 PM
mbam-log-2011-08-18 (18-11-58).txt

Scan type: Quick scan
Objects scanned: 164176
Time elapsed: 6 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by xxEMOxx, 18 August 2011 - 08:50 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,943 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:06:57 PM

Posted 18 August 2011 - 10:38 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 19 August 2011 - 12:03 AM

Here are my logs as the mod had said to get.

I am not sure if the one GMER one will post cause it saves in .log format but i'll try.

DDS LOG:
\.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by xMATTIExPOOx at 21:15:27 on 2011-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2068 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\xMATTIExPOOx\Desktop\Games APS and EXE's\Virus Software Stuff\dds.com
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: {0129d182-e60f-4d1f-b969-6468202fab6a} - c:\windows\system32\ATIDEMGX32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\xmattiexpoox\appdata\roaming\mozilla\firefox\profiles\d8xqlwck.default\
FF - component: c:\users\xmattiexpoox\appdata\roaming\mozilla\firefox\profiles\d8xqlwck.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FireFTP button: {9BAE5926-8513-417d-8E47-774955A7C60D} - %profile%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: XUL Cache: {c9be5bae-62a2-4d50-806a-d7216eabb447} - %profile%\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-7 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-7 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-7 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-4 309848]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-27 25896]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-27 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-4 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-4 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-8 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-7 366640]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-3-29 315392]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-7 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 135664]
S2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\mscat3232.exe [2011-7-20 569344]
S2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\windows\system32\wmidx32.exe --> c:\windows\system32\wmidx32.exe [?]
S2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\nlsdata000032.exe --> c:\windows\system32\NlsData000032.exe [?]
S3 37F2DF21;37F2DF21;c:\windows\system32\37f2df21.exe --> c:\windows\system32\37F2DF21.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-18 23624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-7 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-7 1150936]
.
=============== Created Last 30 ================
.
2011-08-18 23:29:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-18 23:29:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-18 23:29:18 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-08-18 23:28:53 -------- d-----w- c:\programdata\Hitman Pro
2011-08-18 17:20:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-18 17:20:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-18 17:20:46 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-18 17:20:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-18 17:20:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-15 07:19:17 155648 ----a-w- c:\programdata\ATIDEMGX32.dll
2011-08-15 07:19:12 327680 ----a-w- c:\windows\system32\ATIDEMGX32.dll
2011-07-29 19:02:20 -------- d-----w- c:\users\xmattiexpoox\appdata\local\PokerStars.NET
2011-07-29 19:01:25 -------- d-----w- c:\program files\PokerStars.NET
2011-07-23 00:33:28 705024 ----a-w- c:\programdata\ATIDEMGX32.exe
2011-07-22 19:45:31 -------- d-----w- c:\programdata\PrevxCSI
2011-07-22 19:29:16 -------- d-----w- c:\users\xmattiexpoox\appdata\local\temp
2011-07-22 19:28:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-22 18:52:56 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0fa2df07-6e38-4f8d-b842-40bfaae4335f}\mpengine.dll
2011-07-20 23:24:39 569344 ----a-w- c:\windows\system32\mscat3232.exe
.
==================== Find3M ====================
.
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:16:08.00 ===============


DDS LOG other THING :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/29/2009 7:11:40 PM
System Uptime: 8/18/2011 4:49:21 PM (5 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ X2 Dual-Core QL-65 | Socket M2/S1G1 | 2100/2000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 109.401 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP548: 8/17/2011 3:56:10 PM - Scheduled Checkpoint
RP549: 8/18/2011 10:18:58 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.4.5
AIM 7
Apple Application Support
Apple Software Update
Artisteer 2
ATI Catalyst Install Manager
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Digiturf Race Viewer
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
Easy GIF Animator 5.1
eFax Messenger
Epson Event Manager
EPSON NX110 Series Printer Uninstall
EPSON Scan
Full Tilt Poker
Google Toolbar for Internet Explorer
Google Update Helper
Hitman Pro 3.5
Java™ 6 Update 11
LightScribe 1.4.124.1
Magic Online III
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.19)
MSXML 4.0 SP2 (KB941833)
Notepad++
Oregon Trail 5
Picasa 2
PlayReady PC runtime
PokerStars
PokerStars.net
QuickBooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
SeaMonkey (2.0)
Sid Meier's Civilization 4
Sid Meier's Railroads!
Skins
Spyware Doctor 8.0
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Office 2007 (KB946691)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.3
WildTangent Games
WinRAR archiver
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/18/2011 4:50:13 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:04 PM on 8/18/2011 was unexpected.
8/17/2011 8:59:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:58:16 PM on 8/17/2011 was unexpected.
8/17/2011 8:40:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/17/2011 8:33:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:49 PM on 8/17/2011 was unexpected.
8/17/2011 2:51:38 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
8/17/2011 12:12:10 AM, Error: EventLog [6008] - The previous system shutdown at 7:13:44 PM on 8/16/2011 was unexpected.
8/16/2011 6:16:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 449 time(s).
8/16/2011 5:49:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 448 time(s).
8/16/2011 5:49:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 447 time(s).
8/16/2011 5:49:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 446 time(s).
8/16/2011 5:48:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 445 time(s).
8/16/2011 5:48:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 444 time(s).
8/16/2011 5:48:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 443 time(s).
8/16/2011 5:47:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 442 time(s).
8/16/2011 5:47:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 441 time(s).
8/16/2011 5:47:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 440 time(s).
8/16/2011 5:46:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 439 time(s).
8/16/2011 5:46:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 438 time(s).
8/16/2011 5:46:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 437 time(s).
8/16/2011 5:45:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 436 time(s).
8/16/2011 5:45:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 435 time(s).
8/16/2011 5:45:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 434 time(s).
8/16/2011 5:44:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 433 time(s).
8/16/2011 5:44:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 432 time(s).
8/16/2011 5:44:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 431 time(s).
8/16/2011 5:43:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 430 time(s).
8/16/2011 5:43:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 429 time(s).
8/16/2011 5:43:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 428 time(s).
8/16/2011 5:42:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 427 time(s).
8/16/2011 5:42:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 426 time(s).
8/16/2011 5:42:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 425 time(s).
8/16/2011 5:41:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 424 time(s).
8/16/2011 5:41:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 423 time(s).
8/16/2011 5:41:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 422 time(s).
8/16/2011 5:40:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 421 time(s).
8/16/2011 5:40:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 420 time(s).
8/16/2011 5:40:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 419 time(s).
8/16/2011 5:39:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 418 time(s).
8/16/2011 5:39:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 417 time(s).
8/16/2011 5:39:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 416 time(s).
8/16/2011 5:38:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 415 time(s).
8/16/2011 5:38:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 414 time(s).
8/16/2011 5:38:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 413 time(s).
8/16/2011 5:37:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 412 time(s).
8/16/2011 5:37:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 411 time(s).
8/16/2011 5:37:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 410 time(s).
8/16/2011 5:36:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 409 time(s).
8/16/2011 5:36:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 408 time(s).
8/16/2011 5:36:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 407 time(s).
8/16/2011 5:35:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 406 time(s).
8/16/2011 5:35:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 405 time(s).
8/16/2011 5:34:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 404 time(s).
8/16/2011 5:34:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 403 time(s).
8/16/2011 5:34:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 402 time(s).
8/16/2011 5:33:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 401 time(s).
8/16/2011 5:33:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 400 time(s).
8/16/2011 5:33:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 399 time(s).
8/16/2011 5:32:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 398 time(s).
8/16/2011 5:32:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 397 time(s).
8/16/2011 5:32:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 396 time(s).
8/16/2011 5:31:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 395 time(s).
8/16/2011 5:31:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 394 time(s).
8/16/2011 5:31:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 393 time(s).
8/16/2011 5:30:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 392 time(s).
8/16/2011 5:30:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 391 time(s).
8/16/2011 5:30:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 390 time(s).
8/16/2011 5:29:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 389 time(s).
8/16/2011 5:29:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 388 time(s).
8/16/2011 5:29:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 387 time(s).
8/16/2011 5:28:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 386 time(s).
8/16/2011 5:28:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 385 time(s).
8/16/2011 5:28:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 384 time(s).
8/16/2011 5:27:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 383 time(s).
8/16/2011 5:27:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 382 time(s).
8/16/2011 5:27:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 381 time(s).
8/16/2011 5:26:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 380 time(s).
8/16/2011 5:26:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 379 time(s).
8/16/2011 5:26:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 378 time(s).
8/16/2011 5:25:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 377 time(s).
8/16/2011 5:25:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 376 time(s).
8/16/2011 5:25:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 375 time(s).
8/16/2011 5:24:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 374 time(s).
8/16/2011 5:24:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 373 time(s).
8/16/2011 5:24:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 372 time(s).
8/16/2011 5:23:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 371 time(s).
8/16/2011 5:23:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 370 time(s).
8/16/2011 5:23:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 369 time(s).
8/16/2011 5:22:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 368 time(s).
8/16/2011 5:22:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 367 time(s).
8/16/2011 5:22:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 366 time(s).
8/16/2011 5:21:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 365 time(s).
8/16/2011 5:21:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 364 time(s).
8/16/2011 5:21:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 363 time(s).
8/16/2011 5:20:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 362 time(s).
8/16/2011 5:20:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 361 time(s).
8/16/2011 5:20:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 360 time(s).
8/16/2011 5:19:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 359 time(s).
8/16/2011 5:19:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 358 time(s).
8/16/2011 5:19:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 357 time(s).
8/16/2011 5:18:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 356 time(s).
8/16/2011 5:18:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 355 time(s).
8/16/2011 5:18:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 354 time(s).
8/16/2011 5:17:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 353 time(s).
8/16/2011 5:17:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 352 time(s).
8/16/2011 5:17:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 351 time(s).
8/16/2011 5:16:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 350 time(s).
8/16/2011 5:16:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 349 time(s).
8/16/2011 5:16:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 348 time(s).
8/16/2011 5:15:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 347 time(s).
8/16/2011 5:15:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 346 time(s).
8/16/2011 5:15:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 345 time(s).
8/16/2011 5:14:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 344 time(s).
8/16/2011 5:14:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 343 time(s).
8/16/2011 5:14:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 342 time(s).
8/16/2011 5:13:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 341 time(s).
8/16/2011 5:13:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 340 time(s).
8/16/2011 5:13:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 339 time(s).
8/16/2011 5:12:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 338 time(s).
8/16/2011 5:12:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 337 time(s).
8/16/2011 5:12:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 336 time(s).
8/16/2011 5:11:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 335 time(s).
8/16/2011 5:11:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 334 time(s).
8/16/2011 5:11:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 333 time(s).
8/16/2011 5:10:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 332 time(s).
8/16/2011 5:10:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 331 time(s).
8/16/2011 5:10:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 330 time(s).
8/16/2011 5:09:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 329 time(s).
8/16/2011 5:09:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 328 time(s).
8/16/2011 5:09:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 327 time(s).
8/16/2011 5:08:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 326 time(s).
8/16/2011 5:08:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 325 time(s).
8/16/2011 5:08:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 324 time(s).
8/16/2011 5:07:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 323 time(s).
8/16/2011 5:07:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 322 time(s).
8/16/2011 5:07:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 321 time(s).
8/16/2011 5:06:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 320 time(s).
8/16/2011 5:06:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 319 time(s).
8/16/2011 5:06:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 318 time(s).
8/16/2011 5:05:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 317 time(s).
8/16/2011 5:05:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 316 time(s).
8/16/2011 5:05:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 315 time(s).
8/16/2011 5:04:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 314 time(s).
8/16/2011 5:04:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 313 time(s).
8/16/2011 5:04:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 312 time(s).
8/16/2011 5:03:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 311 time(s).
8/16/2011 5:03:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 310 time(s).
8/16/2011 5:03:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 309 time(s).
8/16/2011 5:02:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 308 time(s).
8/16/2011 5:02:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 307 time(s).
8/16/2011 5:02:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 306 time(s).
8/16/2011 5:01:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 305 time(s).
8/16/2011 5:01:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 304 time(s).
8/16/2011 5:01:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 303 time(s).
8/16/2011 5:00:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 302 time(s).
8/16/2011 5:00:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 301 time(s).
8/16/2011 4:59:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 300 time(s).
8/16/2011 4:59:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 299 time(s).
8/16/2011 4:59:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 298 time(s).
8/16/2011 4:58:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 297 time(s).
8/16/2011 4:58:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 296 time(s).
8/16/2011 4:58:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 295 time(s).
8/16/2011 4:57:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 294 time(s).
8/16/2011 4:57:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 293 time(s).
8/16/2011 4:57:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 292 time(s).
8/16/2011 4:56:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 291 time(s).
8/16/2011 4:56:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 290 time(s).
8/16/2011 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 289 time(s).
8/16/2011 4:55:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 288 time(s).
8/16/2011 4:55:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 287 time(s).
8/16/2011 4:55:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 286 time(s).
8/16/2011 4:54:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 285 time(s).
8/16/2011 4:54:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 284 time(s).
8/16/2011 4:54:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 283 time(s).
8/16/2011 4:53:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 282 time(s).
8/16/2011 4:53:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 281 time(s).
8/16/2011 4:53:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 280 time(s).
8/16/2011 4:52:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 279 time(s).
8/16/2011 4:52:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 278 time(s).
8/16/2011 4:52:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 277 time(s).
8/16/2011 4:51:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 276 time(s).
8/16/2011 4:51:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 275 time(s).
8/16/2011 4:51:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 274 time(s).
8/16/2011 4:50:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 273 time(s).
8/16/2011 4:50:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 272 time(s).
8/16/2011 4:50:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 271 time(s).
8/16/2011 4:49:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 270 time(s).
8/16/2011 4:49:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 269 time(s).
8/16/2011 4:49:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 268 time(s).
8/16/2011 4:48:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 267 time(s).
8/16/2011 4:48:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 266 time(s).
8/16/2011 4:48:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 265 time(s).
8/16/2011 4:47:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 264 time(s).
8/16/2011 4:47:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 263 time(s).
8/16/2011 4:47:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 262 time(s).
8/16/2011 4:46:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 261 time(s).
8/16/2011 4:46:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 260 time(s).
8/16/2011 4:46:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 259 time(s).
8/16/2011 4:45:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 258 time(s).
8/16/2011 4:45:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 257 time(s).
8/16/2011 4:45:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 256 time(s).
8/16/2011 4:44:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 255 time(s).
8/16/2011 4:44:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 254 time(s).
8/16/2011 4:44:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 253 time(s).
8/16/2011 4:43:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 252 time(s).
8/16/2011 4:43:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 251 time(s).
8/16/2011 4:43:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 250 time(s).
8/16/2011 4:42:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 249 time(s).
8/16/2011 4:42:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 248 time(s).
8/16/2011 4:42:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 247 time(s).
8/16/2011 4:41:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 246 time(s).
8/16/2011 4:41:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 245 time(s).
8/16/2011 4:41:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 244 time(s).
8/16/2011 4:40:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 243 time(s).
8/16/2011 4:40:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 242 time(s).
8/16/2011 4:40:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 241 time(s).
8/16/2011 4:39:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 240 time(s).
8/16/2011 4:39:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 239 time(s).
8/16/2011 4:39:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 238 time(s).
8/16/2011 4:38:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 237 time(s).
8/16/2011 4:38:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 236 time(s).
8/16/2011 4:38:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 235 time(s).
8/16/2011 4:37:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 234 time(s).
8/16/2011 4:37:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 233 time(s).
8/16/2011 4:37:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 232 time(s).
8/16/2011 4:36:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 231 time(s).
8/16/2011 4:36:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 230 time(s).
8/16/2011 4:36:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 229 time(s).
8/16/2011 4:35:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 228 time(s).
8/16/2011 4:35:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 227 time(s).
8/16/2011 4:35:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 226 time(s).
8/16/2011 4:34:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 225 time(s).
8/16/2011 4:34:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 224 time(s).
8/16/2011 4:34:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 223 time(s).
8/16/2011 4:33:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 222 time(s).
8/16/2011 4:33:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 221 time(s).
8/16/2011 4:33:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 220 time(s).
8/16/2011 4:32:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 219 time(s).
8/16/2011 4:32:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 218 time(s).
8/16/2011 4:32:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 217 time(s).
8/16/2011 4:31:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 216 time(s).
8/16/2011 4:31:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 215 time(s).
8/16/2011 4:31:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 214 time(s).
8/16/2011 4:30:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 213 time(s).
8/16/2011 4:30:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 212 time(s).
8/16/2011 4:30:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 211 time(s).
8/16/2011 4:29:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 210 time(s).
8/16/2011 4:29:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 209 time(s).
8/16/2011 4:29:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 208 time(s).
8/16/2011 4:28:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 207 time(s).
8/16/2011 4:28:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 206 time(s).
8/16/2011 4:28:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 205 time(s).
8/16/2011 4:27:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 204 time(s).
8/16/2011 4:27:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 203 time(s).
8/16/2011 4:27:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 202 time(s).
8/16/2011 4:26:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 201 time(s).
8/16/2011 4:26:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 200 time(s).
8/16/2011 4:25:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 199 time(s).
8/16/2011 4:25:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 198 time(s).
8/16/2011 4:25:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 197 time(s).
8/16/2011 4:24:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 196 time(s).
8/16/2011 4:24:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 195 time(s).
8/16/2011 4:24:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 194 time(s).
8/16/2011 4:23:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 193 time(s).
8/16/2011 4:23:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 192 time(s).
8/16/2011 4:23:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 191 time(s).
8/16/2011 4:22:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 190 time(s).
8/16/2011 4:22:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 189 time(s).
8/16/2011 4:22:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 188 time(s).
8/16/2011 4:21:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 187 time(s).
8/16/2011 4:21:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 186 time(s).
8/16/2011 4:21:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 185 time(s).
8/16/2011 4:20:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 184 time(s).
8/16/2011 4:20:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 183 time(s).
8/16/2011 4:20:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 182 time(s).
8/16/2011 4:19:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 181 time(s).
8/16/2011 4:19:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 180 time(s).
8/16/2011 4:19:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 179 time(s).
8/16/2011 4:18:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 178 time(s).
8/16/2011 4:18:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 177 time(s).
8/16/2011 4:18:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 176 time(s).
8/16/2011 4:17:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 175 time(s).
8/16/2011 4:17:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 174 time(s).
8/16/2011 4:17:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 173 time(s).
8/16/2011 4:16:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 172 time(s).
8/16/2011 4:16:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 171 time(s).
8/16/2011 4:16:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 170 time(s).
8/16/2011 4:15:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 169 time(s).
8/16/2011 4:15:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 168 time(s).
8/16/2011 4:15:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 167 time(s).
8/16/2011 4:14:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 166 time(s).
8/16/2011 4:14:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 165 time(s).
8/16/2011 4:14:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 164 time(s).
8/16/2011 4:13:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 163 time(s).
8/16/2011 4:13:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 162 time(s).
8/16/2011 4:13:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 161 time(s).
8/16/2011 4:12:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 160 time(s).
8/16/2011 4:12:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 159 time(s).
8/16/2011 4:12:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 158 time(s).
8/16/2011 4:11:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 157 time(s).
8/16/2011 4:11:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 156 time(s).
8/16/2011 4:11:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 155 time(s).
8/16/2011 4:10:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 154 time(s).
8/16/2011 4:10:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 153 time(s).
8/16/2011 4:10:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 152 time(s).
8/16/2011 4:09:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 151 time(s).
8/16/2011 4:09:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 150 time(s).
8/16/2011 4:09:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 149 time(s).
8/16/2011 4:08:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 148 time(s).
8/16/2011 4:08:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 147 time(s).
8/16/2011 4:07:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 146 time(s).
8/16/2011 4:07:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 145 time(s).
8/16/2011 4:07:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 144 time(s).
8/16/2011 4:06:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 143 time(s).
8/16/2011 4:06:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 142 time(s).
8/16/2011 4:06:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 141 time(s).
8/16/2011 4:05:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 140 time(s).
8/16/2011 4:05:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 139 time(s).
8/16/2011 4:05:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 138 time(s).
8/16/2011 4:04:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 137 time(s).
8/16/2011 4:04:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 136 time(s).
8/16/2011 4:04:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 135 time(s).
8/16/2011 4:03:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 134 time(s).
8/16/2011 4:03:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 133 time(s).
8/16/2011 4:03:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 132 time(s).
8/16/2011 4:02:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 131 time(s).
8/16/2011 4:02:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 130 time(s).
8/16/2011 4:02:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 129 time(s).
8/16/2011 4:01:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 128 time(s).
8/16/2011 4:01:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 127 time(s).
8/16/2011 4:01:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 126 time(s).
8/16/2011 4:00:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 125 time(s).
8/16/2011 4:00:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 124 time(s).
8/16/2011 4:00:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 123 time(s).
8/16/2011 3:59:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 122 time(s).
8/16/2011 3:59:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 121 time(s).
8/16/2011 3:59:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 120 time(s).
8/16/2011 3:58:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 119 time(s).
8/16/2011 3:58:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 118 time(s).
8/16/2011 3:58:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 117 time(s).
8/16/2011 3:57:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 116 time(s).
8/16/2011 3:57:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 115 time(s).
8/16/2011 3:57:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 114 time(s).
8/16/2011 3:56:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 113 time(s).
8/16/2011 3:56:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 112 time(s).
8/16/2011 3:56:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 111 time(s).
8/16/2011 3:55:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 110 time(s).
8/16/2011 3:55:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 109 time(s).
8/16/2011 3:55:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 108 time(s).
8/16/2011 3:54:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 107 time(s).
8/16/2011 3:54:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 106 time(s).
8/16/2011 3:54:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 105 time(s).
8/16/2011 3:53:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 104 time(s).
8/16/2011 3:53:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 103 time(s).
8/16/2011 3:53:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 102 time(s).
8/16/2011 3:52:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 101 time(s).
8/16/2011 3:52:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 100 time(s).
8/16/2011 3:52:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 99 time(s).
8/16/2011 3:51:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 98 time(s).
8/16/2011 3:51:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 97 time(s).
8/16/2011 3:51:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 96 time(s).
8/16/2011 3:50:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 95 time(s).
8/16/2011 3:50:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 94 time(s).
8/16/2011 3:50:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 93 time(s).
8/16/2011 3:49:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 92 time(s).
8/16/2011 3:49:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 91 time(s).
8/16/2011 3:49:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 90 time(s).
8/16/2011 3:48:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 89 time(s).
8/16/2011 3:48:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 88 time(s).
8/16/2011 3:48:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 87 time(s).
8/16/2011 3:47:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 86 time(s).
8/16/2011 3:47:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 85 time(s).
8/16/2011 3:47:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 84 time(s).
8/16/2011 3:46:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 83 time(s).
8/16/2011 3:46:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 82 time(s).
8/16/2011 3:46:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 81 time(s).
8/16/2011 3:45:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 80 time(s).
8/16/2011 3:45:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 79 time(s).
8/16/2011 3:45:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 78 time(s).
8/16/2011 3:44:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).
8/16/2011 3:44:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).
8/16/2011 3:44:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).
8/16/2011 3:43:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).
8/16/2011 3:43:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).
8/16/2011 3:43:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).
8/16/2011 3:42:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).
8/16/2011 3:42:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).
8/16/2011 3:42:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).
8/16/2011 3:41:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).
8/16/2011 3:41:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).
8/16/2011 3:41:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).
8/16/2011 3:40:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).
8/16/2011 3:40:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).
8/16/2011 3:40:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).
8/16/2011 3:39:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).
8/16/2011 3:39:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).
8/16/2011 3:39:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).
8/16/2011 3:38:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).
8/16/2011 3:38:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).
8/16/2011 3:38:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).
8/16/2011 3:37:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).
8/16/2011 3:37:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).
8/16/2011 3:37:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).
8/16/2011 3:36:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).
8/16/2011 3:36:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).
8/16/2011 3:36:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).
8/16/2011 3:35:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).
8/16/2011 3:35:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).
8/16/2011 3:35:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).
8/16/2011 3:34:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).
8/16/2011 3:34:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).
8/16/2011 3:33:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).
8/16/2011 3:33:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).
8/16/2011 3:33:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).
8/16/2011 3:32:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).
8/16/2011 3:32:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).
8/16/2011 3:32:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).
8/16/2011 3:31:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).
8/16/2011 3:31:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).
8/16/2011 3:31:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).
8/16/2011 3:30:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).
8/16/2011 3:30:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).
8/16/2011 3:30:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).
8/16/2011 3:29:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).
8/16/2011 3:29:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).
8/16/2011 3:29:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).
8/16/2011 3:28:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).
8/16/2011 3:28:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).
8/16/2011 3:28:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).
8/16/2011 3:27:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).
8/16/2011 3:27:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).
8/16/2011 3:27:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).
8/16/2011 3:26:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).
8/16/2011 3:26:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).
8/16/2011 3:26:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).
8/16/2011 3:25:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).
8/16/2011 2:23:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
8/16/2011 2:22:24 PM, Error: EventLog [6008] - The previous system shutdown at 2:21:03 PM on 8/16/2011 was unexpected.
8/14/2011 3:05:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).
8/14/2011 3:04:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
8/14/2011 3:04:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
8/14/2011 3:04:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
8/14/2011 3:03:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
8/14/2011 3:03:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
8/14/2011 3:03:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
8/14/2011 3:02:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
8/14/2011 3:02:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
8/14/2011 2:58:23 PM, Error: EventLog [6008] - The previous system shutdown at 2:57:07 PM on 8/14/2011 was unexpected.
8/14/2011 2:11:17 PM, Error: EventLog [6008] - The previous system shutdown at 2:09:32 PM on 8/14/2011 was unexpected.
8/14/2011 11:31:35 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:02 PM on 8/14/2011 was unexpected.
8/13/2011 7:34:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
8/13/2011 6:21:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
8/13/2011 4:13:48 PM, Error: EventLog [6008] - The previous system shutdown at 4:12:40 PM on 8/13/2011 was unexpected.
8/13/2011 3:12:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
8/13/2011 3:12:34 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
8/13/2011 3:12:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
8/13/2011 3:11:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
8/13/2011 3:11:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
8/13/2011 3:09:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:08:36 AM on 8/13/2011 was unexpected.
8/12/2011 11:34:16 PM, Error: EventLog [6008] - The previous system shutdown at 11:33:21 PM on 8/12/2011 was unexpected.
8/11/2011 9:20:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
8/11/2011 6:30:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/11/2011 6:29:14 PM, Error: EventLog [6008] - The previous system shutdown at 5:11:23 PM on 8/11/2011 was unexpected.
8/11/2011 2:21:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
8/11/2011 2:21:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/11/2011 2:21:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/11/2011 2:21:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/11/2011 2:20:48 PM, Error: EventLog [6008] - The previous system shutdown at 2:19:12 PM on 8/11/2011 was unexpected.
8/11/2011 10:06:59 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:05 PM on 8/11/2011 was unexpected.
.
==== End Of File ===========================

#4 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 19 August 2011 - 12:05 AM

GMER LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-18 22:01:50
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSX rev.FG001M
Running: gmer.exe; Driver: C:\Users\XMATTI~1\AppData\Local\Temp\ffkyrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A67202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A697F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A69848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A6995E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A69746]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80797F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80798230]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90A69898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A6979A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A6990C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A67226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90A66FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A6724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A69D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A67CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A69820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A69870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A69988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A69772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A698D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A697C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A69936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A67BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A6726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A67292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A6704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A67186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A67162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A671AA]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x807979D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A672B6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8079852C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 340 81CEF904 4 Bytes [02, 72, A6, 90] {ADD DH, [EDX-0x5a]; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 404 81CEF9C8 4 Bytes [F0, 97, A6, 90]
.text ntkrnlpa.exe!KeSetTimerEx + 409 81CEF9CD 3 Bytes [98, A6, 90] {CWDE ; CMPSB ; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 410 81CEF9D4 4 Bytes [5E, 99, A6, 90] {POP ESI; CDQ ; CMPSB ; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 428 81CEF9EC 4 Bytes [46, 97, A6, 90] {INC ESI; XCHG EDI, EAX; CMPSB ; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81E169EE 5 Bytes JMP 91C8BD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81E532B6 4 Bytes CALL 90A6834B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81E62C19 4 Bytes CALL 90A68361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E7F357 5 Bytes JMP 91C8D7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B753480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B794900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F607000, 0x263970, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 51BF 972540E7 5 Bytes JMP 90A6A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2029 97267309 5 Bytes JMP 90A69E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B11 9727AB6D 5 Bytes JMP 90A69D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + EE8 9727AF44 5 Bytes JMP 90A6ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3161 9727F869 5 Bytes JMP 90A6A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 1939 97282539 5 Bytes JMP 90A69F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65B3 9728C6BD 5 Bytes JMP 90A6A316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8726 9728E830 5 Bytes JMP 90A6AF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C740 972ABE67 5 Bytes JMP 90A6A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C813 972ABF3A 5 Bytes JMP 90A6A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FB5 972CDF31 5 Bytes JMP 90A6AB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7E1D 972D1D99 5 Bytes JMP 90A69FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 972E4174 5 Bytes JMP 90A69E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 972E8DAB 5 Bytes JMP 90A6AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 972E9007 5 Bytes JMP 90A6AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3828 972FD320 5 Bytes JMP 90A6B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D18 97305A46 5 Bytes JMP 90A6ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 1763 9730F4C5 5 Bytes JMP 90A6ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 97315F43 5 Bytes JMP 90A69EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 973324F3 5 Bytes JMP 90A6A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CF6 9733C313 5 Bytes JMP 90A6A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9733FE42 5 Bytes JMP 90A6AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 308C 9735AA77 5 Bytes JMP 90A6A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\XMATTI~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[636] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[636] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[636] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00130804
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001301F8
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001303FC
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00130600
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00130A08
.text C:\Windows\system32\wininit.exe[684] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[684] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[684] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[684] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[684] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsm.exe[756] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[756] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[756] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\agrsmsvc.exe[908] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[908] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[908] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1004] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 009C0804
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 009C01F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 009C03FC
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 009C0600
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 009C0A08
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000E0804
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000E0600
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000E0A08
.text C:\Windows\system32\atiesrxx.exe[1176] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\atiesrxx.exe[1176] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\atiesrxx.exe[1176] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 009A0804
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 009A01F8
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 009A03FC
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 009A0600
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 009A0A08
.text C:\Windows\System32\svchost.exe[1264] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!DeleteService 76E33BEE 3 Bytes JMP 000C0600
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!DeleteService + 4 76E33BF2 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000C1014
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000C0804
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000C0C0C
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000C0E10
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00E40804
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00E401F8
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00E403FC
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00E40600
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00E40A08
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000D03FC
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000D0A08
.text C:\Windows\system32\AUDIODG.EXE[1348] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00BD0804
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00BD01F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00BD03FC
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00BD0600
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00BD0A08
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\atieclxx.exe[1524] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001A01F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!SetUnhandledExceptionFilter 772E6E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001A0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001A01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001A03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001A0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001A0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001B03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001B0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001B1014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001B0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001B0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001B0C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001B0E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001B01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000B0A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2316] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2316] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2316] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001903FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00190600
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00191014
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00190804
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00190A08
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00190C0C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00190E10
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001901F8
.text C:\Windows\system32\TODDSrv.exe[2428] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\TODDSrv.exe[2428] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\TODDSrv.exe[2428] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002B03FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 002B0600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 002B1014
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 002B0804
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 002B0A08
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 002B0C0C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 002B0E10
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002B01F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 002C0804
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002C01F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002C03FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 002C0600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 002C0A08
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003103FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00310600
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00311014
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00310804
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00310A08
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00310C0C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00310E10
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003101F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00320804
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003201F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003203FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00320600
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00320A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[2612] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[2612] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[2612] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2828] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00210804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002101F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002103FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00210600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00210A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002203FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00220600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00221014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00220804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00220A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00220C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00220E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002201F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000603FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00060600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00061014
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00060804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00060A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00060C0C
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00060E10
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000601F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00070804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000701F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000703FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00070600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003203FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00320600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00321014
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00320804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00320A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00320C0C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00320E10
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003201F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00330804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003301F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003303FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00330600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00330A08
.text C:\Windows\system32\Dwm.exe[3192] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[3192] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[3192] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[3212] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3212] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3212] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3248] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00B70804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00B701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00B703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00B70600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00B70A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3484] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00070A08
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001B03FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001B0600
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001B1014
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001B0804
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001B0A08
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001B0C0C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001B0E10
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001B01F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001C0804
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001C01F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001C03FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001C0600
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001C0A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00270804
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002701F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002703FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00270600
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00270A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002803FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00280600
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00281014
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00280804
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00280A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00280C0C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00280E10
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002801F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001903FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00190600
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00191014
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00190804
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00190A08
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00190C0C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00190E10
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001901F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00330804
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003301F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003303FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00330600
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00330A08
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003403FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00340600
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00341014
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00340804
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00340A08
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00340C0C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00340E10
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003401F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 002B0804
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002B01F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002B03FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 002B0600
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 002B0A08
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002C03FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 002C0600
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 002C1014
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 002C0804
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 002C0A08
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 002C0C0C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 002C0E10
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002C01F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001E0600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001E1014
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001E0804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001E0A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001E0C0C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001E0E10
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001E01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001F0804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001F01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001F03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001F0A08
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3948] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4192] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[4560] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[4892] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00090804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000901F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00090600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00090A08
.text C:\Users\xMATTIExPOOx\Desktop\Games APS and EXE's\Virus Software Stuff\gmer.exe[5384] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\NOTEPAD.EXE[5672] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#5 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 20 August 2011 - 04:28 AM

Still hoping for help!!!

This is getting more annoying and more frustrating!!!

Posted the logs as requested!!!!


PLEASE AND THANK YOU!!!!

#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,659 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:57 PM

Posted 23 August 2011 - 08:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Posted Image In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/415078 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Posted Image If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 28 August 2011 - 05:03 AM

Please all bleeping computer virii experts, and such!!!!!

Still waiting on help, have followed forum protocol , posted logs and everything please help this getting more annoying daily ( the virus, redirect, whatever... ) and school starts Monday!!!!

I need freaking GOOGLE!!!


Thank you for your time and energy ex-spent concerning the topic at hand!

xxEMOxx

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:57 AM

Posted 28 August 2011 - 08:41 AM

Still waiting on help, have followed forum protocol

Please read the previous post and post the requested logs. Once posted, I'll outline further steps.

I understand this problem may be frustrating, but please understand that we are all volunteers.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 29 August 2011 - 02:42 AM

I do understand you are all volunteers, I also feel so though people do not read, as both logs for the infect PC pursuent to Orange Blossom and the HELPbot posts, are and have been posted, in this thread!

HERE is a repeat of the posting of logs: ( if am missing a step or something please let me know as these logs take forever!!!! )

Here are my logs as the mod had said to get.

I am not sure if the one GMER one will post cause it saves in .log format but i'll try.

DDS LOG:
\.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 7.0.6001.18000
Run by xMATTIExPOOx at 21:15:27 on 2011-08-18
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2068 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Motive\McciServiceHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TECO\TEco.exe
C:\Program Files\TOSHIBA\TANU\TANU.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\xMATTIExPOOx\Desktop\Games APS and EXE's\Virus Software Stuff\dds.com
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: H - No File
BHO: {0129d182-e60f-4d1f-b969-6468202fab6a} - c:\windows\system32\ATIDEMGX32.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
mRun: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
mRun: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
mRun: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
mRun: [NDSTray.exe] "c:\program files\toshiba\configfree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "c:\program files\toshiba\configfree\cfFncEnabler.exe"
mRun: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [TosSENotify] c:\program files\toshiba\toshiba hdd ssd alert\TosSENotify.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\progra~1\yahoo!\messen~1\YPager.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: $talisma_url$
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\xmattiexpoox\appdata\roaming\mozilla\firefox\profiles\d8xqlwck.default\
FF - component: c:\users\xmattiexpoox\appdata\roaming\mozilla\firefox\profiles\d8xqlwck.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FireFTP button: {9BAE5926-8513-417d-8E47-774955A7C60D} - %profile%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: XUL Cache: {c9be5bae-62a2-4d50-806a-d7216eabb447} - %profile%\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-7 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-7 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-7 656320]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-4-8 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-10-4 309848]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2009-7-27 25896]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-7-27 176128]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-10-4 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-10-4 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-4-8 42184]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2009-3-10 46448]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-7 366640]
R2 McciServiceHost;McciServiceHost;c:\program files\common files\motive\McciServiceHost.exe [2011-3-29 315392]
R2 RSELSVC;TOSHIBA Modem region select service;c:\program files\toshiba\rselect\RSelSvc.exe [2009-2-19 57344]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\toshiba\teco\TecoService.exe [2009-4-14 176128]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\toshiba\toshiba hdd ssd alert\TosSmartSrv.exe [2009-3-17 73728]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2009-5-3 7168]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-7 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 135664]
S2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\mscat3232.exe [2011-7-20 569344]
S2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\windows\system32\wmidx32.exe --> c:\windows\system32\wmidx32.exe [?]
S2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\nlsdata000032.exe --> c:\windows\system32\NlsData000032.exe [?]
S3 37F2DF21;37F2DF21;c:\windows\system32\37f2df21.exe --> c:\windows\system32\37F2DF21.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-2 135664]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-8-18 23624]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-4-7 366840]
S4 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-4-7 1150936]
.
=============== Created Last 30 ================
.
2011-08-18 23:29:42 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-18 23:29:41 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-18 23:29:18 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-08-18 23:28:53 -------- d-----w- c:\programdata\Hitman Pro
2011-08-18 17:20:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-18 17:20:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-18 17:20:46 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-18 17:20:46 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-18 17:20:46 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-08-15 07:19:17 155648 ----a-w- c:\programdata\ATIDEMGX32.dll
2011-08-15 07:19:12 327680 ----a-w- c:\windows\system32\ATIDEMGX32.dll
2011-07-29 19:02:20 -------- d-----w- c:\users\xmattiexpoox\appdata\local\PokerStars.NET
2011-07-29 19:01:25 -------- d-----w- c:\program files\PokerStars.NET
2011-07-23 00:33:28 705024 ----a-w- c:\programdata\ATIDEMGX32.exe
2011-07-22 19:45:31 -------- d-----w- c:\programdata\PrevxCSI
2011-07-22 19:29:16 -------- d-----w- c:\users\xmattiexpoox\appdata\local\temp
2011-07-22 19:28:23 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-22 18:52:56 6881616 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0fa2df07-6e38-4f8d-b842-40bfaae4335f}\mpengine.dll
2011-07-20 23:24:39 569344 ----a-w- c:\windows\system32\mscat3232.exe
.
==================== Find3M ====================
.
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-26 06:45:56 256000 ----a-w- c:\windows\PEV.exe
2011-05-25 02:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:16:08.00 ===============


DDS LOG other THING :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/29/2009 7:11:40 PM
System Uptime: 8/18/2011 4:49:21 PM (5 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: AMD Athlon™ X2 Dual-Core QL-65 | Socket M2/S1G1 | 2100/2000mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 109.401 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP548: 8/17/2011 3:56:10 PM - Scheduled Checkpoint
RP549: 8/18/2011 10:18:58 AM - Windows Update
.
==== Installed Programs ======================
.
µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop 6.0
Adobe Reader 9.4.5
AIM 7
Apple Application Support
Apple Software Update
Artisteer 2
ATI Catalyst Install Manager
avast! Free Antivirus
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Digiturf Race Viewer
Direct DiscRecorder
DivX Setup
DVD MovieFactory for TOSHIBA
Easy GIF Animator 5.1
eFax Messenger
Epson Event Manager
EPSON NX110 Series Printer Uninstall
EPSON Scan
Full Tilt Poker
Google Toolbar for Internet Explorer
Google Update Helper
Hitman Pro 3.5
Java™ 6 Update 11
LightScribe 1.4.124.1
Magic Online III
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Mozilla Firefox (3.5.19)
MSXML 4.0 SP2 (KB941833)
Notepad++
Oregon Trail 5
Picasa 2
PlayReady PC runtime
PokerStars
PokerStars.net
QuickBooks Financial Center
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WiFi Protected Setup Library
Realtek WLAN Driver
SeaMonkey (2.0)
Sid Meier's Civilization 4
Sid Meier's Railroads!
Skins
Spyware Doctor 8.0
Synaptics Pointing Device Driver
TOSHIBA Agreement Notification Utility
Toshiba Application and Driver Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
TOSHIBA Recovery Disc Creator
Toshiba Registration
Toshiba Resources Page
TOSHIBA SD Memory Utilities
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Update for Office 2007 (KB946691)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.3
WildTangent Games
WinRAR archiver
World of Warcraft
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/18/2011 4:50:13 PM, Error: EventLog [6008] - The previous system shutdown at 4:48:04 PM on 8/18/2011 was unexpected.
8/17/2011 8:59:53 PM, Error: EventLog [6008] - The previous system shutdown at 8:58:16 PM on 8/17/2011 was unexpected.
8/17/2011 8:40:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
8/17/2011 8:33:04 PM, Error: EventLog [6008] - The previous system shutdown at 5:08:49 PM on 8/17/2011 was unexpected.
8/17/2011 2:51:38 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
8/17/2011 12:12:10 AM, Error: EventLog [6008] - The previous system shutdown at 7:13:44 PM on 8/16/2011 was unexpected.
8/16/2011 6:16:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 449 time(s).
8/16/2011 5:49:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 448 time(s).
8/16/2011 5:49:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 447 time(s).
8/16/2011 5:49:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 446 time(s).
8/16/2011 5:48:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 445 time(s).
8/16/2011 5:48:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 444 time(s).
8/16/2011 5:48:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 443 time(s).
8/16/2011 5:47:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 442 time(s).
8/16/2011 5:47:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 441 time(s).
8/16/2011 5:47:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 440 time(s).
8/16/2011 5:46:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 439 time(s).
8/16/2011 5:46:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 438 time(s).
8/16/2011 5:46:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 437 time(s).
8/16/2011 5:45:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 436 time(s).
8/16/2011 5:45:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 435 time(s).
8/16/2011 5:45:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 434 time(s).
8/16/2011 5:44:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 433 time(s).
8/16/2011 5:44:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 432 time(s).
8/16/2011 5:44:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 431 time(s).
8/16/2011 5:43:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 430 time(s).
8/16/2011 5:43:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 429 time(s).
8/16/2011 5:43:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 428 time(s).
8/16/2011 5:42:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 427 time(s).
8/16/2011 5:42:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 426 time(s).
8/16/2011 5:42:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 425 time(s).
8/16/2011 5:41:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 424 time(s).
8/16/2011 5:41:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 423 time(s).
8/16/2011 5:41:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 422 time(s).
8/16/2011 5:40:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 421 time(s).
8/16/2011 5:40:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 420 time(s).
8/16/2011 5:40:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 419 time(s).
8/16/2011 5:39:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 418 time(s).
8/16/2011 5:39:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 417 time(s).
8/16/2011 5:39:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 416 time(s).
8/16/2011 5:38:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 415 time(s).
8/16/2011 5:38:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 414 time(s).
8/16/2011 5:38:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 413 time(s).
8/16/2011 5:37:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 412 time(s).
8/16/2011 5:37:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 411 time(s).
8/16/2011 5:37:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 410 time(s).
8/16/2011 5:36:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 409 time(s).
8/16/2011 5:36:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 408 time(s).
8/16/2011 5:36:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 407 time(s).
8/16/2011 5:35:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 406 time(s).
8/16/2011 5:35:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 405 time(s).
8/16/2011 5:34:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 404 time(s).
8/16/2011 5:34:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 403 time(s).
8/16/2011 5:34:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 402 time(s).
8/16/2011 5:33:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 401 time(s).
8/16/2011 5:33:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 400 time(s).
8/16/2011 5:33:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 399 time(s).
8/16/2011 5:32:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 398 time(s).
8/16/2011 5:32:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 397 time(s).
8/16/2011 5:32:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 396 time(s).
8/16/2011 5:31:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 395 time(s).
8/16/2011 5:31:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 394 time(s).
8/16/2011 5:31:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 393 time(s).
8/16/2011 5:30:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 392 time(s).
8/16/2011 5:30:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 391 time(s).
8/16/2011 5:30:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 390 time(s).
8/16/2011 5:29:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 389 time(s).
8/16/2011 5:29:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 388 time(s).
8/16/2011 5:29:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 387 time(s).
8/16/2011 5:28:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 386 time(s).
8/16/2011 5:28:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 385 time(s).
8/16/2011 5:28:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 384 time(s).
8/16/2011 5:27:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 383 time(s).
8/16/2011 5:27:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 382 time(s).
8/16/2011 5:27:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 381 time(s).
8/16/2011 5:26:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 380 time(s).
8/16/2011 5:26:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 379 time(s).
8/16/2011 5:26:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 378 time(s).
8/16/2011 5:25:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 377 time(s).
8/16/2011 5:25:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 376 time(s).
8/16/2011 5:25:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 375 time(s).
8/16/2011 5:24:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 374 time(s).
8/16/2011 5:24:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 373 time(s).
8/16/2011 5:24:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 372 time(s).
8/16/2011 5:23:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 371 time(s).
8/16/2011 5:23:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 370 time(s).
8/16/2011 5:23:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 369 time(s).
8/16/2011 5:22:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 368 time(s).
8/16/2011 5:22:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 367 time(s).
8/16/2011 5:22:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 366 time(s).
8/16/2011 5:21:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 365 time(s).
8/16/2011 5:21:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 364 time(s).
8/16/2011 5:21:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 363 time(s).
8/16/2011 5:20:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 362 time(s).
8/16/2011 5:20:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 361 time(s).
8/16/2011 5:20:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 360 time(s).
8/16/2011 5:19:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 359 time(s).
8/16/2011 5:19:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 358 time(s).
8/16/2011 5:19:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 357 time(s).
8/16/2011 5:18:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 356 time(s).
8/16/2011 5:18:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 355 time(s).
8/16/2011 5:18:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 354 time(s).
8/16/2011 5:17:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 353 time(s).
8/16/2011 5:17:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 352 time(s).
8/16/2011 5:17:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 351 time(s).
8/16/2011 5:16:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 350 time(s).
8/16/2011 5:16:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 349 time(s).
8/16/2011 5:16:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 348 time(s).
8/16/2011 5:15:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 347 time(s).
8/16/2011 5:15:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 346 time(s).
8/16/2011 5:15:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 345 time(s).
8/16/2011 5:14:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 344 time(s).
8/16/2011 5:14:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 343 time(s).
8/16/2011 5:14:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 342 time(s).
8/16/2011 5:13:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 341 time(s).
8/16/2011 5:13:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 340 time(s).
8/16/2011 5:13:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 339 time(s).
8/16/2011 5:12:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 338 time(s).
8/16/2011 5:12:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 337 time(s).
8/16/2011 5:12:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 336 time(s).
8/16/2011 5:11:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 335 time(s).
8/16/2011 5:11:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 334 time(s).
8/16/2011 5:11:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 333 time(s).
8/16/2011 5:10:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 332 time(s).
8/16/2011 5:10:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 331 time(s).
8/16/2011 5:10:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 330 time(s).
8/16/2011 5:09:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 329 time(s).
8/16/2011 5:09:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 328 time(s).
8/16/2011 5:09:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 327 time(s).
8/16/2011 5:08:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 326 time(s).
8/16/2011 5:08:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 325 time(s).
8/16/2011 5:08:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 324 time(s).
8/16/2011 5:07:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 323 time(s).
8/16/2011 5:07:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 322 time(s).
8/16/2011 5:07:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 321 time(s).
8/16/2011 5:06:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 320 time(s).
8/16/2011 5:06:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 319 time(s).
8/16/2011 5:06:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 318 time(s).
8/16/2011 5:05:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 317 time(s).
8/16/2011 5:05:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 316 time(s).
8/16/2011 5:05:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 315 time(s).
8/16/2011 5:04:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 314 time(s).
8/16/2011 5:04:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 313 time(s).
8/16/2011 5:04:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 312 time(s).
8/16/2011 5:03:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 311 time(s).
8/16/2011 5:03:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 310 time(s).
8/16/2011 5:03:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 309 time(s).
8/16/2011 5:02:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 308 time(s).
8/16/2011 5:02:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 307 time(s).
8/16/2011 5:02:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 306 time(s).
8/16/2011 5:01:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 305 time(s).
8/16/2011 5:01:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 304 time(s).
8/16/2011 5:01:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 303 time(s).
8/16/2011 5:00:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 302 time(s).
8/16/2011 5:00:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 301 time(s).
8/16/2011 4:59:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 300 time(s).
8/16/2011 4:59:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 299 time(s).
8/16/2011 4:59:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 298 time(s).
8/16/2011 4:58:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 297 time(s).
8/16/2011 4:58:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 296 time(s).
8/16/2011 4:58:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 295 time(s).
8/16/2011 4:57:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 294 time(s).
8/16/2011 4:57:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 293 time(s).
8/16/2011 4:57:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 292 time(s).
8/16/2011 4:56:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 291 time(s).
8/16/2011 4:56:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 290 time(s).
8/16/2011 4:56:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 289 time(s).
8/16/2011 4:55:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 288 time(s).
8/16/2011 4:55:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 287 time(s).
8/16/2011 4:55:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 286 time(s).
8/16/2011 4:54:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 285 time(s).
8/16/2011 4:54:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 284 time(s).
8/16/2011 4:54:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 283 time(s).
8/16/2011 4:53:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 282 time(s).
8/16/2011 4:53:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 281 time(s).
8/16/2011 4:53:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 280 time(s).
8/16/2011 4:52:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 279 time(s).
8/16/2011 4:52:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 278 time(s).
8/16/2011 4:52:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 277 time(s).
8/16/2011 4:51:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 276 time(s).
8/16/2011 4:51:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 275 time(s).
8/16/2011 4:51:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 274 time(s).
8/16/2011 4:50:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 273 time(s).
8/16/2011 4:50:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 272 time(s).
8/16/2011 4:50:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 271 time(s).
8/16/2011 4:49:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 270 time(s).
8/16/2011 4:49:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 269 time(s).
8/16/2011 4:49:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 268 time(s).
8/16/2011 4:48:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 267 time(s).
8/16/2011 4:48:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 266 time(s).
8/16/2011 4:48:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 265 time(s).
8/16/2011 4:47:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 264 time(s).
8/16/2011 4:47:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 263 time(s).
8/16/2011 4:47:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 262 time(s).
8/16/2011 4:46:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 261 time(s).
8/16/2011 4:46:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 260 time(s).
8/16/2011 4:46:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 259 time(s).
8/16/2011 4:45:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 258 time(s).
8/16/2011 4:45:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 257 time(s).
8/16/2011 4:45:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 256 time(s).
8/16/2011 4:44:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 255 time(s).
8/16/2011 4:44:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 254 time(s).
8/16/2011 4:44:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 253 time(s).
8/16/2011 4:43:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 252 time(s).
8/16/2011 4:43:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 251 time(s).
8/16/2011 4:43:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 250 time(s).
8/16/2011 4:42:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 249 time(s).
8/16/2011 4:42:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 248 time(s).
8/16/2011 4:42:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 247 time(s).
8/16/2011 4:41:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 246 time(s).
8/16/2011 4:41:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 245 time(s).
8/16/2011 4:41:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 244 time(s).
8/16/2011 4:40:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 243 time(s).
8/16/2011 4:40:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 242 time(s).
8/16/2011 4:40:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 241 time(s).
8/16/2011 4:39:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 240 time(s).
8/16/2011 4:39:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 239 time(s).
8/16/2011 4:39:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 238 time(s).
8/16/2011 4:38:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 237 time(s).
8/16/2011 4:38:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 236 time(s).
8/16/2011 4:38:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 235 time(s).
8/16/2011 4:37:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 234 time(s).
8/16/2011 4:37:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 233 time(s).
8/16/2011 4:37:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 232 time(s).
8/16/2011 4:36:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 231 time(s).
8/16/2011 4:36:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 230 time(s).
8/16/2011 4:36:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 229 time(s).
8/16/2011 4:35:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 228 time(s).
8/16/2011 4:35:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 227 time(s).
8/16/2011 4:35:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 226 time(s).
8/16/2011 4:34:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 225 time(s).
8/16/2011 4:34:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 224 time(s).
8/16/2011 4:34:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 223 time(s).
8/16/2011 4:33:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 222 time(s).
8/16/2011 4:33:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 221 time(s).
8/16/2011 4:33:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 220 time(s).
8/16/2011 4:32:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 219 time(s).
8/16/2011 4:32:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 218 time(s).
8/16/2011 4:32:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 217 time(s).
8/16/2011 4:31:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 216 time(s).
8/16/2011 4:31:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 215 time(s).
8/16/2011 4:31:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 214 time(s).
8/16/2011 4:30:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 213 time(s).
8/16/2011 4:30:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 212 time(s).
8/16/2011 4:30:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 211 time(s).
8/16/2011 4:29:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 210 time(s).
8/16/2011 4:29:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 209 time(s).
8/16/2011 4:29:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 208 time(s).
8/16/2011 4:28:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 207 time(s).
8/16/2011 4:28:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 206 time(s).
8/16/2011 4:28:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 205 time(s).
8/16/2011 4:27:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 204 time(s).
8/16/2011 4:27:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 203 time(s).
8/16/2011 4:27:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 202 time(s).
8/16/2011 4:26:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 201 time(s).
8/16/2011 4:26:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 200 time(s).
8/16/2011 4:25:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 199 time(s).
8/16/2011 4:25:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 198 time(s).
8/16/2011 4:25:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 197 time(s).
8/16/2011 4:24:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 196 time(s).
8/16/2011 4:24:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 195 time(s).
8/16/2011 4:24:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 194 time(s).
8/16/2011 4:23:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 193 time(s).
8/16/2011 4:23:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 192 time(s).
8/16/2011 4:23:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 191 time(s).
8/16/2011 4:22:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 190 time(s).
8/16/2011 4:22:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 189 time(s).
8/16/2011 4:22:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 188 time(s).
8/16/2011 4:21:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 187 time(s).
8/16/2011 4:21:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 186 time(s).
8/16/2011 4:21:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 185 time(s).
8/16/2011 4:20:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 184 time(s).
8/16/2011 4:20:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 183 time(s).
8/16/2011 4:20:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 182 time(s).
8/16/2011 4:19:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 181 time(s).
8/16/2011 4:19:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 180 time(s).
8/16/2011 4:19:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 179 time(s).
8/16/2011 4:18:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 178 time(s).
8/16/2011 4:18:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 177 time(s).
8/16/2011 4:18:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 176 time(s).
8/16/2011 4:17:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 175 time(s).
8/16/2011 4:17:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 174 time(s).
8/16/2011 4:17:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 173 time(s).
8/16/2011 4:16:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 172 time(s).
8/16/2011 4:16:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 171 time(s).
8/16/2011 4:16:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 170 time(s).
8/16/2011 4:15:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 169 time(s).
8/16/2011 4:15:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 168 time(s).
8/16/2011 4:15:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 167 time(s).
8/16/2011 4:14:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 166 time(s).
8/16/2011 4:14:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 165 time(s).
8/16/2011 4:14:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 164 time(s).
8/16/2011 4:13:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 163 time(s).
8/16/2011 4:13:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 162 time(s).
8/16/2011 4:13:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 161 time(s).
8/16/2011 4:12:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 160 time(s).
8/16/2011 4:12:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 159 time(s).
8/16/2011 4:12:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 158 time(s).
8/16/2011 4:11:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 157 time(s).
8/16/2011 4:11:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 156 time(s).
8/16/2011 4:11:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 155 time(s).
8/16/2011 4:10:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 154 time(s).
8/16/2011 4:10:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 153 time(s).
8/16/2011 4:10:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 152 time(s).
8/16/2011 4:09:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 151 time(s).
8/16/2011 4:09:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 150 time(s).
8/16/2011 4:09:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 149 time(s).
8/16/2011 4:08:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 148 time(s).
8/16/2011 4:08:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 147 time(s).
8/16/2011 4:07:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 146 time(s).
8/16/2011 4:07:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 145 time(s).
8/16/2011 4:07:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 144 time(s).
8/16/2011 4:06:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 143 time(s).
8/16/2011 4:06:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 142 time(s).
8/16/2011 4:06:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 141 time(s).
8/16/2011 4:05:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 140 time(s).
8/16/2011 4:05:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 139 time(s).
8/16/2011 4:05:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 138 time(s).
8/16/2011 4:04:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 137 time(s).
8/16/2011 4:04:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 136 time(s).
8/16/2011 4:04:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 135 time(s).
8/16/2011 4:03:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 134 time(s).
8/16/2011 4:03:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 133 time(s).
8/16/2011 4:03:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 132 time(s).
8/16/2011 4:02:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 131 time(s).
8/16/2011 4:02:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 130 time(s).
8/16/2011 4:02:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 129 time(s).
8/16/2011 4:01:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 128 time(s).
8/16/2011 4:01:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 127 time(s).
8/16/2011 4:01:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 126 time(s).
8/16/2011 4:00:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 125 time(s).
8/16/2011 4:00:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 124 time(s).
8/16/2011 4:00:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 123 time(s).
8/16/2011 3:59:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 122 time(s).
8/16/2011 3:59:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 121 time(s).
8/16/2011 3:59:14 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 120 time(s).
8/16/2011 3:58:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 119 time(s).
8/16/2011 3:58:34 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 118 time(s).
8/16/2011 3:58:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 117 time(s).
8/16/2011 3:57:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 116 time(s).
8/16/2011 3:57:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 115 time(s).
8/16/2011 3:57:13 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 114 time(s).
8/16/2011 3:56:53 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 113 time(s).
8/16/2011 3:56:33 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 112 time(s).
8/16/2011 3:56:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 111 time(s).
8/16/2011 3:55:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 110 time(s).
8/16/2011 3:55:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 109 time(s).
8/16/2011 3:55:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 108 time(s).
8/16/2011 3:54:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 107 time(s).
8/16/2011 3:54:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 106 time(s).
8/16/2011 3:54:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 105 time(s).
8/16/2011 3:53:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 104 time(s).
8/16/2011 3:53:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 103 time(s).
8/16/2011 3:53:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 102 time(s).
8/16/2011 3:52:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 101 time(s).
8/16/2011 3:52:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 100 time(s).
8/16/2011 3:52:10 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 99 time(s).
8/16/2011 3:51:50 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 98 time(s).
8/16/2011 3:51:30 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 97 time(s).
8/16/2011 3:51:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 96 time(s).
8/16/2011 3:50:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 95 time(s).
8/16/2011 3:50:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 94 time(s).
8/16/2011 3:50:09 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 93 time(s).
8/16/2011 3:49:49 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 92 time(s).
8/16/2011 3:49:29 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 91 time(s).
8/16/2011 3:49:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 90 time(s).
8/16/2011 3:48:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 89 time(s).
8/16/2011 3:48:28 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 88 time(s).
8/16/2011 3:48:08 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 87 time(s).
8/16/2011 3:47:48 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 86 time(s).
8/16/2011 3:47:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 85 time(s).
8/16/2011 3:47:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 84 time(s).
8/16/2011 3:46:47 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 83 time(s).
8/16/2011 3:46:27 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 82 time(s).
8/16/2011 3:46:07 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 81 time(s).
8/16/2011 3:45:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 80 time(s).
8/16/2011 3:45:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 79 time(s).
8/16/2011 3:45:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 78 time(s).
8/16/2011 3:44:46 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 77 time(s).
8/16/2011 3:44:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 76 time(s).
8/16/2011 3:44:06 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 75 time(s).
8/16/2011 3:43:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 74 time(s).
8/16/2011 3:43:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 73 time(s).
8/16/2011 3:43:05 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 72 time(s).
8/16/2011 3:42:45 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 71 time(s).
8/16/2011 3:42:25 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 70 time(s).
8/16/2011 3:42:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 69 time(s).
8/16/2011 3:41:44 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 68 time(s).
8/16/2011 3:41:24 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 67 time(s).
8/16/2011 3:41:04 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 66 time(s).
8/16/2011 3:40:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 65 time(s).
8/16/2011 3:40:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 64 time(s).
8/16/2011 3:40:03 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 63 time(s).
8/16/2011 3:39:43 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 62 time(s).
8/16/2011 3:39:23 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 61 time(s).
8/16/2011 3:39:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 60 time(s).
8/16/2011 3:38:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 59 time(s).
8/16/2011 3:38:22 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 58 time(s).
8/16/2011 3:38:02 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 57 time(s).
8/16/2011 3:37:42 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 56 time(s).
8/16/2011 3:37:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 55 time(s).
8/16/2011 3:37:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 54 time(s).
8/16/2011 3:36:41 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 53 time(s).
8/16/2011 3:36:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 52 time(s).
8/16/2011 3:36:01 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 51 time(s).
8/16/2011 3:35:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 50 time(s).
8/16/2011 3:35:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 49 time(s).
8/16/2011 3:35:00 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 48 time(s).
8/16/2011 3:34:40 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 47 time(s).
8/16/2011 3:34:20 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 46 time(s).
8/16/2011 3:33:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 45 time(s).
8/16/2011 3:33:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 44 time(s).
8/16/2011 3:33:19 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 43 time(s).
8/16/2011 3:32:59 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 42 time(s).
8/16/2011 3:32:39 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 41 time(s).
8/16/2011 3:32:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 40 time(s).
8/16/2011 3:31:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 39 time(s).
8/16/2011 3:31:38 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 38 time(s).
8/16/2011 3:31:18 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 37 time(s).
8/16/2011 3:30:58 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 36 time(s).
8/16/2011 3:30:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 35 time(s).
8/16/2011 3:30:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 34 time(s).
8/16/2011 3:29:57 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 33 time(s).
8/16/2011 3:29:37 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 32 time(s).
8/16/2011 3:29:17 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 31 time(s).
8/16/2011 3:28:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 30 time(s).
8/16/2011 3:28:36 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 29 time(s).
8/16/2011 3:28:16 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 28 time(s).
8/16/2011 3:27:56 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 27 time(s).
8/16/2011 3:27:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 26 time(s).
8/16/2011 3:27:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 25 time(s).
8/16/2011 3:26:55 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 24 time(s).
8/16/2011 3:26:35 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 23 time(s).
8/16/2011 3:26:15 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 22 time(s).
8/16/2011 3:25:54 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 21 time(s).
8/16/2011 2:23:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
8/16/2011 2:22:24 PM, Error: EventLog [6008] - The previous system shutdown at 2:21:03 PM on 8/16/2011 was unexpected.
8/14/2011 3:05:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 20 time(s).
8/14/2011 3:04:52 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 19 time(s).
8/14/2011 3:04:32 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 18 time(s).
8/14/2011 3:04:12 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 17 time(s).
8/14/2011 3:03:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 16 time(s).
8/14/2011 3:03:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 15 time(s).
8/14/2011 3:03:11 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 14 time(s).
8/14/2011 3:02:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 13 time(s).
8/14/2011 3:02:31 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 12 time(s).
8/14/2011 2:58:23 PM, Error: EventLog [6008] - The previous system shutdown at 2:57:07 PM on 8/14/2011 was unexpected.
8/14/2011 2:11:17 PM, Error: EventLog [6008] - The previous system shutdown at 2:09:32 PM on 8/14/2011 was unexpected.
8/14/2011 11:31:35 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:02 PM on 8/14/2011 was unexpected.
8/13/2011 7:34:01 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 11 time(s).
8/13/2011 6:21:29 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 10 time(s).
8/13/2011 4:13:48 PM, Error: EventLog [6008] - The previous system shutdown at 4:12:40 PM on 8/13/2011 was unexpected.
8/13/2011 3:12:54 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 9 time(s).
8/13/2011 3:12:34 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 8 time(s).
8/13/2011 3:12:13 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 7 time(s).
8/13/2011 3:11:53 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 6 time(s).
8/13/2011 3:11:33 AM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 5 time(s).
8/13/2011 3:09:56 AM, Error: EventLog [6008] - The previous system shutdown at 3:08:36 AM on 8/13/2011 was unexpected.
8/12/2011 11:34:16 PM, Error: EventLog [6008] - The previous system shutdown at 11:33:21 PM on 8/12/2011 was unexpected.
8/11/2011 9:20:26 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 4 time(s).
8/11/2011 6:30:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/11/2011 6:29:14 PM, Error: EventLog [6008] - The previous system shutdown at 5:11:23 PM on 8/11/2011 was unexpected.
8/11/2011 2:21:51 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).
8/11/2011 2:21:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).
8/11/2011 2:21:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/11/2011 2:21:25 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/11/2011 2:21:22 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/11/2011 2:20:48 PM, Error: EventLog [6008] - The previous system shutdown at 2:19:12 PM on 8/11/2011 was unexpected.
8/11/2011 10:06:59 PM, Error: EventLog [6008] - The previous system shutdown at 10:03:05 PM on 8/11/2011 was unexpected.
.
==== End Of File ===========================

#10 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 29 August 2011 - 02:43 AM

HEre is the GMER log from the infected PC!!

GMER LOG:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-18 22:01:50
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 TOSHIBA_MK2555GSX rev.FG001M
Running: gmer.exe; Driver: C:\Users\XMATTI~1\AppData\Local\Temp\ffkyrpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90A67202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90A697F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90A69848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90A6995E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90A69746]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x80797F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x80798230]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x90A69898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90A6979A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90A6990C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90A67226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90A66FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90A6724A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90A69D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90A67CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90A69820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90A69870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90A69988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90A69772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90A698D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90A697C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90A69936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90A67BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90A6726E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90A67292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90A6704A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90A67186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90A67162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90A671AA]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x807979D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90A672B6]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x8079852C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 340 81CEF904 4 Bytes [02, 72, A6, 90] {ADD DH, [EDX-0x5a]; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 404 81CEF9C8 4 Bytes [F0, 97, A6, 90]
.text ntkrnlpa.exe!KeSetTimerEx + 409 81CEF9CD 3 Bytes [98, A6, 90] {CWDE ; CMPSB ; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 410 81CEF9D4 4 Bytes [5E, 99, A6, 90] {POP ESI; CDQ ; CMPSB ; NOP }
.text ntkrnlpa.exe!KeSetTimerEx + 428 81CEF9EC 4 Bytes [46, 97, A6, 90] {INC ESI; XCHG EDI, EAX; CMPSB ; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 81E169EE 5 Bytes JMP 91C8BD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 81E532B6 4 Bytes CALL 90A6834B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 81E62C19 4 Bytes CALL 90A68361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 81E7F357 5 Bytes JMP 91C8D7F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x8B753480, 0x3C939, 0xE8000020]
.dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x8B794900, 0x3CA, 0x48000040]
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F607000, 0x263970, 0xE8000020]
.text win32k.sys!EngCreateRectRgn + 51BF 972540E7 5 Bytes JMP 90A6A440 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPaint + 2029 97267309 5 Bytes JMP 90A69E58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + B11 9727AB6D 5 Bytes JMP 90A69D8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + EE8 9727AF44 5 Bytes JMP 90A6ABD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCombineRgn + 3161 9727F869 5 Bytes JMP 90A6A03E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetRectRgn + 1939 97282539 5 Bytes JMP 90A69F34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 65B3 9728C6BD 5 Bytes JMP 90A6A316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTransparentBlt + 8726 9728E830 5 Bytes JMP 90A6AF72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C740 972ABE67 5 Bytes JMP 90A6A180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + C813 972ABF3A 5 Bytes JMP 90A6A326 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3FB5 972CDF31 5 Bytes JMP 90A6AB64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 7E1D 972D1D99 5 Bytes JMP 90A69FA4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 442A 972E4174 5 Bytes JMP 90A69E70 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 9061 972E8DAB 5 Bytes JMP 90A6AD54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngNineGrid + 92BD 972E9007 5 Bytes JMP 90A6AE0C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 3828 972FD320 5 Bytes JMP 90A6B014 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStrokePath + 4D18 97305A46 5 Bytes JMP 90A6ABAE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 1763 9730F4C5 5 Bytes JMP 90A6ACA2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!STROBJ_vEnumStart + 478A 97315F43 5 Bytes JMP 90A69EF0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 40E 973324F3 5 Bytes JMP 90A6A0AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!CLIPOBJ_bEnum + CF6 9733C313 5 Bytes JMP 90A6A008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 26D9 9733FE42 5 Bytes JMP 90A6AECA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 308C 9735AA77 5 Bytes JMP 90A6A0E8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\Users\XMATTI~1\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[628] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[636] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\spoolsv.exe[636] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\spoolsv.exe[636] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\spoolsv.exe[636] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00130804
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001301F8
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001303FC
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00130600
.text C:\Windows\System32\spoolsv.exe[636] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00130A08
.text C:\Windows\system32\wininit.exe[684] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000301F8
.text C:\Windows\system32\wininit.exe[684] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000303FC
.text C:\Windows\system32\wininit.exe[684] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00051014
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00050804
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00050A08
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\wininit.exe[684] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00060804
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\wininit.exe[684] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000603FC
.text C:\Windows\system32\wininit.exe[684] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\wininit.exe[684] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[696] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[696] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[696] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\svchost.exe[696] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\svchost.exe[696] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\csrss.exe[704] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\services.exe[736] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\services.exe[736] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\services.exe[736] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\services.exe[736] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\services.exe[736] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\lsass.exe[748] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\lsass.exe[748] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\lsass.exe[748] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\lsass.exe[748] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\lsass.exe[748] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\lsm.exe[756] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\lsm.exe[756] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\lsm.exe[756] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\lsm.exe[756] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000301F8
.text C:\Windows\system32\winlogon.exe[836] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000303FC
.text C:\Windows\system32\winlogon.exe[836] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000503FC
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00050600
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00051014
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00050804
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00050A08
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00050C0C
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00050E10
.text C:\Windows\system32\winlogon.exe[836] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000501F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00060804
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000601F8
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000603FC
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00060600
.text C:\Windows\system32\winlogon.exe[836] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00060A08
.text C:\Windows\system32\agrsmsvc.exe[908] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000801F8
.text C:\Windows\system32\agrsmsvc.exe[908] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000803FC
.text C:\Windows\system32\agrsmsvc.exe[908] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000A03FC
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000A0600
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000A1014
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000A0804
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000A0A08
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000A0C0C
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000A0E10
.text C:\Windows\system32\agrsmsvc.exe[908] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000A01F8
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\agrsmsvc.exe[908] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\svchost.exe[948] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\svchost.exe[948] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[948] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[1004] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 009C0804
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 009C01F8
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 009C03FC
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 009C0600
.text C:\Windows\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 009C0A08
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1088] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1088] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[1088] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000E0804
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000E01F8
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000E03FC
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000E0600
.text C:\Windows\System32\svchost.exe[1088] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000E0A08
.text C:\Windows\system32\atiesrxx.exe[1176] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\atiesrxx.exe[1176] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\atiesrxx.exe[1176] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\atiesrxx.exe[1176] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atiesrxx.exe[1176] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1188] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[1204] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[1204] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Windows\System32\svchost.exe[1204] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 009A0804
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 009A01F8
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 009A03FC
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 009A0600
.text C:\Windows\System32\svchost.exe[1204] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 009A0A08
.text C:\Windows\System32\svchost.exe[1264] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[1264] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000C03FC
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!DeleteService 76E33BEE 3 Bytes JMP 000C0600
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!DeleteService + 4 76E33BF2 1 Byte [89]
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000C1014
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000C0804
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000C0A08
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000C0C0C
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000C0E10
.text C:\Windows\System32\svchost.exe[1264] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000C01F8
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00E40804
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00E401F8
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00E403FC
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00E40600
.text C:\Windows\System32\svchost.exe[1264] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00E40A08
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1284] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1284] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1284] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000D0804
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000D01F8
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000D03FC
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000D0600
.text C:\Windows\system32\svchost.exe[1284] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000D0A08
.text C:\Windows\system32\AUDIODG.EXE[1348] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1472] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00BD0804
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00BD01F8
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00BD03FC
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00BD0600
.text C:\Windows\system32\svchost.exe[1472] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00BD0A08
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\atieclxx.exe[1524] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\atieclxx.exe[1524] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\atieclxx.exe[1524] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\atieclxx.exe[1524] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1716] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1716] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1716] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00140600
.text C:\Windows\system32\svchost.exe[1716] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001901F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001A03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001A1014
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001A0804
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001A0A08
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001A0C0C
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001A0E10
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[1796] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001A01F8
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!SetUnhandledExceptionFilter 772E6E2D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1852] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001A0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001A01F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001A03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001A0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001A0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001B03FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001B0600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001B1014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001B0804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001B0A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001B0C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001B0E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe[1900] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001B01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2152] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Motive\McciCMService.exe[2168] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\Motive\McciServiceHost.exe[2200] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2260] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2260] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000B0A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\TOSHIBA\RSelect\RSelSvc.exe[2276] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\svchost.exe[2316] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2316] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2316] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2316] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001903FC
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00190600
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00191014
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00190804
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00190A08
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00190C0C
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00190E10
.text C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe[2352] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001901F8
.text C:\Windows\system32\TODDSrv.exe[2428] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Windows\system32\TODDSrv.exe[2428] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Windows\system32\TODDSrv.exe[2428] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Windows\system32\TODDSrv.exe[2428] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Windows\system32\TODDSrv.exe[2428] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002B03FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 002B0600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 002B1014
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 002B0804
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 002B0A08
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 002B0C0C
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 002B0E10
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002B01F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 002C0804
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002C01F8
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002C03FC
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 002C0600
.text C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe[2464] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 002C0A08
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003103FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00310600
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00311014
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00310804
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00310A08
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00310C0C
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00310E10
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003101F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00320804
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003201F8
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003203FC
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00320600
.text C:\Program Files\TOSHIBA\TECO\TecoService.exe[2492] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00320A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe[2560] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Windows\System32\svchost.exe[2612] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\System32\svchost.exe[2612] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\System32\svchost.exe[2612] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\System32\svchost.exe[2612] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2668] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2828] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00210804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002101F8
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002103FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00210600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00210A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002203FC
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00220600
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00221014
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00220804
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00220A08
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00220C0C
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00220E10
.text C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe[2956] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002201F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000603FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00060600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00061014
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00060804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00060A08
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00060C0C
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00060E10
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000601F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00070804
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000701F8
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000703FC
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00070600
.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[2980] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\unsecapp.exe[3132] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Windows\system32\wbem\unsecapp.exe[3132] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003203FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00320600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00321014
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00320804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00320A08
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00320C0C
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00320E10
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003201F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00330804
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003301F8
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003303FC
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00330600
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3164] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00330A08
.text C:\Windows\system32\Dwm.exe[3192] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[3192] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[3192] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[3192] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000C03FC
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[3192] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 000C0A08
.text C:\Windows\system32\taskeng.exe[3212] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[3212] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[3212] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[3212] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[3212] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[3248] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[3248] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\Explorer.EXE[3248] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\Explorer.EXE[3248] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\Explorer.EXE[3248] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[3280] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00B70804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 00B701F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 00B703FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00B70600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3352] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00B70A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001703FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00170600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00171014
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00170804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00170A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00170C0C
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00170E10
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001701F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00180804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001801F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001803FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00180600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3440] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3476] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[3484] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3544] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00070A08
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001B03FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001B0600
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001B1014
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001B0804
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001B0A08
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001B0C0C
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001B0E10
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001B01F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001C0804
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001C01F8
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001C03FC
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001C0600
.text C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe[3572] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001C0A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00270804
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002701F8
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002703FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00270600
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00270A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002803FC
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00280600
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00281014
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00280804
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00280A08
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00280C0C
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00280E10
.text C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe[3644] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002801F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001903FC
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00190600
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00191014
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00190804
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00190A08
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00190C0C
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00190E10
.text C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe[3772] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001901F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00330804
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 003301F8
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 003303FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00330600
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00330A08
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 003403FC
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00340600
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00341014
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00340804
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00340A08
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00340C0C
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00340E10
.text C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe[3788] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 003401F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 002B0804
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 002B01F8
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 002B03FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 002B0600
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 002B0A08
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 002C03FC
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 002C0600
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 002C1014
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 002C0804
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 002C0A08
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 002C0C0C
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 002C0E10
.text C:\Program Files\TOSHIBA\TECO\TEco.exe[3832] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 002C01F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\TOSHIBA\TANU\TANU.exe[3884] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001E03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 001E0600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 001E1014
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 001E0804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 001E0A08
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 001E0C0C
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 001E0E10
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001E01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 001F0804
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001F01F8
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001F03FC
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 001F0600
.text C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe[3932] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 001F0A08
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3948] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[4192] KERNEL32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00080804
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000801F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000803FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00080600
.text C:\Windows\system32\wbem\wmiprvse.exe[4384] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00080A08
.text C:\Windows\System32\svchost.exe[4560] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[4892] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 000501F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 000503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 000703FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00070600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00071014
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 5 Bytes JMP 00070804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00070A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00070C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00070E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 000701F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00090804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 000901F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 000903FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00090600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5100] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00090A08
.text C:\Users\xMATTIExPOOx\Desktop\Games APS and EXE's\Virus Software Stuff\gmer.exe[5384] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ntdll.dll!LdrLoadDll 77167933 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ntdll.dll!LdrUnloadDll 7717E89C 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWindowsHookExW 76F57B69 5 Bytes JMP 00170804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWinEventHook 76F5915C 5 Bytes JMP 001701F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!UnhookWinEvent 76F5B702 5 Bytes JMP 001703FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!SetWindowsHookExA 76F7BB0E 5 Bytes JMP 00170600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] USER32.dll!UnhookWindowsHookEx 76F808BE 5 Bytes JMP 00170A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!CreateServiceW 76E338FF 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!DeleteService 76E33BEE 5 Bytes JMP 00180600
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!SetServiceObjectSecurity 76E766A9 5 Bytes JMP 00181014
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigA 76E767A9 3 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigA + 4 76E767AD 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfigW 76E76951 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfig2A 76E76A69 5 Bytes JMP 00180C0C
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!ChangeServiceConfig2W 76E76BB1 5 Bytes JMP 00180E10
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[5432] ADVAPI32.dll!CreateServiceA 76E76C71 5 Bytes JMP 001801F8
.text C:\Windows\system32\NOTEPAD.EXE[5672] kernel32.dll!GetBinaryTypeW + 70 77311AE8 1 Byte [62]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:57 AM

Posted 29 August 2011 - 11:34 AM

We ask for updated logs to be able to see the most actual state of your computer, as malware may invite friends. However in your case it looks like a firefox add on that is causing redirects. The following should get rid of that.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 01 September 2011 - 12:47 PM

Elise,

The logs although repeats of the prior, are the most current as after the logs where taken the machience has since been shut down. ( do not wish the virus and such to propagate, and etc. )

I will run the combofix, and post the log up in a while.

Thank you for your help thus far.


Log to follow in a while.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:57 AM

Posted 01 September 2011 - 01:42 PM

Okay, take your time! :)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 xxEMOxx

xxEMOxx
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:03:57 PM

Posted 05 September 2011 - 01:03 PM

Elise,

Below is my combofix log:

ComboFix 11-09-05.03 - xMATTIExPOOx 09/05/2011 10:50:05.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3581.2460 [GMT -7:00]
Running from: c:\users\xMATTIExPOOx\Desktop\Games APS and EXE's\Virus Software Stuff\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ATIDEMGX32.dll
c:\programdata\ATIDEMGX32.exe
c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}
c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}\chrome.manifest
c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}\chrome\xulcache.jar
c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}\defaults\preferences\xulcache.js
c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\extensions\{c9be5bae-62a2-4d50-806a-d7216eabb447}\install.rdf
c:\windows\system32\E_FD4BFBA.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))
.
.
2011-09-05 17:58 . 2011-09-05 17:59 -------- d-----w- c:\users\xMATTIExPOOx\AppData\Local\temp
2011-09-05 17:58 . 2011-09-05 17:58 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-09-05 17:58 . 2011-09-05 17:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-25 23:42 . 2011-08-25 23:42 -------- d-----r- c:\users\xMATTIExPOOx\AppData\Roaming\Brother
2011-08-21 08:32 . 2011-08-21 08:32 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-08-21 08:32 . 2011-08-21 08:32 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-08-18 23:29 . 2011-08-18 23:29 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-18 23:29 . 2011-08-18 23:29 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-08-18 23:29 . 2011-08-18 23:29 134464 ----a-w- c:\windows\system32\LnkProtect.dll
2011-08-18 23:28 . 2011-08-18 23:28 -------- d-----w- c:\programdata\Hitman Pro
2011-08-18 17:20 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-08-18 17:20 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-18 17:20 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-08-18 17:20 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-08-18 17:20 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 16:44 . 2011-07-22 18:52 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0FA2DF07-6E38-4F8D-B842-40BFAAE4335F}\mpengine.dll
2011-07-07 02:52 . 2011-04-07 20:58 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52 . 2011-04-07 20:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-04 11:43 . 2011-04-08 15:38 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2009-10-04 21:13 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-08 15:39 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2009-10-04 21:14 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2009-10-04 21:14 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2009-10-04 21:14 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2009-10-04 21:13 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2009-10-04 21:14 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-30 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-22 61440]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-13 6965792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-03-18 1451304]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-03-07 468320]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 55160]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-12-18 448376]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-03-23 729088]
"NDSTray.exe"="c:\program files\TOSHIBA\ConfigFree\NDSTray.exe" [2009-05-13 299008]
"cfFncEnabler.exe"="c:\program files\TOSHIBA\ConfigFree\cfFncEnabler.exe" [2009-03-24 16384]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2009-04-15 1318912]
"TANU"="c:\program files\TOSHIBA\TANU\TANU.exe" [2009-03-28 263560]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe" [2009-03-24 1007616]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-4-13 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^xMATTIExPOOx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
path=c:\users\xMATTIExPOOx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk
backup=c:\windows\pss\Antimalware Doctor.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]
2009-04-07 16:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON NX110 Series]
2008-09-26 13:00 199680 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIFBA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-02-16 02:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R2 MMCSS32;Multimedia Class Scheduler ;c:\windows\system32\mscat3232.exe [2011-07-20 569344]
R2 PNRPAutoReg32;PNRP Machine Name Publication Service ;c:\windows\system32\wmidx32.exe [x]
R2 THREADORDER32;Thread Ordering Server ;c:\windows\system32\NlsData000032.exe [x]
R3 37F2DF21;37F2DF21;c:\windows\system32\37F2DF21.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 135664]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-08-18 23624]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-25 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-23 25896]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-04-22 176128]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-07 366640]
S2 McciServiceHost;McciServiceHost;c:\program files\Common Files\Motive\McciServiceHost.exe [2010-07-27 315392]
S2 RSELSVC;TOSHIBA Modem region select service;c:\program files\TOSHIBA\RSelect\RSelSvc.exe [2009-02-19 57344]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-04-15 176128]
S2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-03-17 73728]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2006-11-20 7168]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-07 22712]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 00:42]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-03 00:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\users\xMATTIExPOOx\AppData\Roaming\Mozilla\Firefox\Profiles\d8xqlwck.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: FireFTP button: {9BAE5926-8513-417d-8E47-774955A7C60D} - %profile%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-05 10:59
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-09-05 11:01:23
ComboFix-quarantined-files.txt 2011-09-05 18:01
ComboFix2.txt 2011-07-22 19:29
.
Pre-Run: 96,232,550,400 bytes free
Post-Run: 97,972,379,648 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F33D4DA5B81461A24486AEC6156205B4


if u need anything else please let me know!

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,076 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:57 AM

Posted 05 September 2011 - 01:20 PM

How are things running now?

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
Driver::
37F2DF21

Rootkit::
c:\windows\system32\37F2DF21.exe 
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users